Skip to content

kinneygroup/itsi-sep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
appserver/static
appserver/static
 
 
default
default
 
 
itsi
itsi
 
 
metadata
metadata
 
 
static
static
 
 
.gitignore
.gitignore
 
 
.slimignore
.slimignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.manifest
app.manifest
 
 

Repository files navigation

Summary

The ITSI Content Pack for Symantec Endpoint Protection (SEP) from Kinney Group is specifically designed to monitor the health and performance of SEP across your network. It leverages Splunk ITSI to provide in-depth analysis and visualization of logs for SEP, ensuring that all endpoints are protected and compliant with security policies. This content pack is an essential tool for IT professionals looking to enhance the security and efficiency of their endpoint protection infrastructure.

  • Comprehensive Endpoint Protection Monitoring: Offers detailed insights into the protection status, virus definitions, and policy compliance of endpoints, ensuring optimal security.
  • Real-Time Threat Detection: Monitors and detects various types of threats, including viruses, malware, and spyware, enabling immediate response and mitigation.
  • Enhanced System Performance: Tracks the impact of SEP on system performance, including CPU and memory usage, to ensure that endpoint protection does not hinder system operations.

This ITSI Content Pack is open source and available for community collaboration and enhancement on GitHub.

For more information about Kinney Group's Splunk Products, visit our website.

Details

The ITSI Content Pack for Symantec Endpoint Protection (SEP) contains service definitions and KPIs ready to import to ITSI. The KPI Thresholds and importance values are set to defaults so that they can be tuned manually for your use case. This content pack helps users monitor the overall protection status of endpoints, ensuring that virus definitions are up-to-date, real-time protection is enabled, and security policies are complied with.

Kinney Group ITSI Content Pack Blog

For more information about Kinney Group's Splunk Products, visit our website.

Services

SEP monitoring encompasses several specialized services, each targeting specific aspects of endpoint protection:

  1. Endpoint Protection
    • Description: Manages the overall protection status of endpoints, including real-time protection, virus definitions, and policy compliance.
  2. Virus Definitions
    • Description: Ensures that all endpoints have the latest virus and spyware definitions.
  3. Real-Time Protection
    • Description: Monitors and ensures that real-time protection features like Auto-Protect are enabled and functioning.
  4. Policy Compliance
    • Description: Ensures that all endpoints comply with the defined security policies.
  5. Threat Detection
    • Description: Monitors and detects various types of threats, including viruses, malware, and spyware.
  6. System Performance
    • Description: Monitors the impact of Symantec Endpoint Protection on system performance, including CPU and memory usage.
  7. Network Activity
    • Description: Monitors network traffic related to Symantec Endpoint Protection, including blocked and allowed connections.

KPIs

Each service utilizes specific KPIs to measure its effectiveness:

  1. Definition Status
    • Description: Status of virus definition updates.
  2. Definition Age
    • Description: Age of the virus definitions on endpoints.
  3. Auto-Protect Status
    • Description: Status of Auto-Protect.
  4. Real-Time Enabled
    • Description: Check if real-time protection is enabled.
  5. Compliance Status
    • Description: Compliance status of endpoints with security policies.
  6. Non-Compliance Count
    • Description: Number of endpoints out of compliance.
  7. Detected Threats
    • Description: Number of detected threats.
  8. Threat Types
    • Description: Types of threats detected.
  9. Resolved Threats
    • Description: Number of resolved threats.
  10. CPU Usage
    • Description: CPU usage by SEP processes.
  11. Memory Usage
    • Description: Memory usage by SEP processes.
  12. Blocked Connections
    • Description: Number of blocked network connections.
  13. Allowed Connections
    • Description: Number of allowed network connections.

Relationships

Dependencies:

Services are interconnected; for instance, Endpoint Protection is dependent on Virus Definitions, Real-Time Protection, and Policy Compliance. Similarly, Virus Definitions rely on Update Distribution to ensure all endpoints receive the latest definitions.

Hierarchical Structure:

Some services form a hierarchy, such as Real-Time Protection depending on Threat Detection, illustrating a layered approach to protection where base metrics support broader security indicators.

Installation

Installation prerequisites:

Splunk Addon for Symantec

Splunk App for Content Packs

Splunk ITSI

Troubleshooting

Kinney Group ITSI Content Pack Blog

Github and Readme

support@kinneygroup.com

Contact

To provide feedback, visit our Github and Readme for our content packs.

support@kinneygroup.com

For more information about Kinney Group's Splunk Products, visit our website

Version History

Version Date Description
0.0.1 06/06/24 Initial Preview Release

Considerations:

Kinney Group ITSI Content Pack Blog

About

ITSI Content Pack for Symantec Endpoint Protection

Topics

splunk symantec endpoint itsi

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published