You can enhance your incident detections with the Targeted Attack Analytics. When this feature is enabled, ATP receives data from the cloud-based the Targeted Attack Analytics service hourly. ATP then uses that information to generate new incidents or to add to existing ATP incidents. New incidents are created with the previous 3 months of Symantec Endpoint Protection telemetry as soon as you successfully enable this feature. Targeted Attack Analytics incidents appear in the Incident Manager the same as the other incidents that ATP detects.
You must have Symantec Endpoint Protection telemetry enabled to use this feature. See your Symantec™ Endpoint Protection Manager documentation for more information. And when you enable this feature, make sure that you also enable access to the required port so that ATP can access the service.
To enable this feature, you must have a valid Symantec Endpoint Protection license file that you can upload to ATP Manager. You can use the same Symantec Endpoint Protection license across multiple ATP Manager instances.
To enable the Targeted Attack Analytics
In ATP Manager on the Settings > Global page, scroll down to Targeted Attack Analytics.
In the upload dialog box, type a description for your Symantec Endpoint Protection license.
This description should be a unique to let you distinguish this license from other Symantec Endpoint Protection licenses.
Click Browse to find and select your license file.
The status of the Targeted Attack Analytics service registration appears. Initially, the status is PENDING. Once the license is validated, it appears in ATP Manager as REGISTERED. Licenses that do not successfully register appear as FAILURE. You can find out more information about Targeted Attack Analytics registration errors in the ATP Manager system health.