This quick start guide provides instructions to set up the Symantec™ Managed Security Services (MSS) Log Collection Platform (LCP).
The document includes the following topics:
The Log Collection Platform (LCP) is designed to collect, compress, and transmit your log data securely to Symantec MSS. The LCPs are installed on customer provisioned hardware and thereafter solely managed by Symantec MSS. This allows Symantec to correlate, store, and analyze the data collected from the customer’s devices.
Figure 1-1 : MSS Log Collection Platform
A technology device (or applications) or mix of devices detect and log activity on the network.
Event Collectors gather, filter, and aggregate the log data and forward both the raw and processed log data to the Event Agent for transmission to the LCP. In some configurations, an offbox collector and agent may be required.
The on-premises LCP receives the log data, which is then compressed for transport and digitally signed as originating from the device in question. The compressed, signed data is sent from the customer devices to the SOC over the TLS 1.2 protocol using RSA-2048-bit encryption.
Log data is stored in a proprietary, read-only system in a completely separated database table space residing in a protected environment within the database infrastructure.
The Device log files are run through the Symantec MSS STP (SOC Technology Platform) for multilayer post‐processing and presented to analysts for incident validation.
Self-service MSS Portal dashboards and reports are available for customer access.
| Config | Peak LEPS | Sustained LEPS | CPU | RAM | HDD |
| --- | --- | --- | --- | --- | --- |
| | | | Physical: 4xQuad-core running at 1.7GHz or greater, x64 compatible; Virtual: 16 CPUs | | |
| | | | Physical: 2xQuad-core running at 1.7GHz or greater, x64 compatible; Virtual: 8 CPUs | 8 GB | 250 GB |
Confirm that the hardware on which the LCP is to be installed is supported by CentOS 6.10.
Requires a static IP address and fully qualified domain name.
VM performance estimates closely match those of similarly configured physical hardware, with only marginal degradation.
VMTools installation is recommended.
VMware CPU and RAM resource reservation is mandatory. Please refer to the vendor documentation for instructions on how to reserve CPU and RAM resources.
When creating the virtual machine, use the Typical setting, ensure that the disk type is Eager Zeroed Thick Provision, and select LSI Logic Parallel as the SCSI controller.
| Source | Destination | Port | Purpose |
| --- | --- | --- | --- |
| <LCP IP> | 126.96.36.199, 188.8.131.52; OR | | MSS management access and fault monitoring |
| | | UDP/123 | NTP - Network Time Protocol |
| | | | RSIP - Remote Secure Import Protocol for log uploading |
| <LCP IP> | liveupdate.symantecliveupdate.com | TCP/443 | Symantec LiveUpdate - Primary |
| <LCP IP> | 184.108.40.206 | TCP/80 | Symantec MSS LiveUpdate - Secondary |
| <LCP IP> | <Local DNS Server> | TCP/53;UDP/53 | DNS resolution |
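As an added example (not part of the Symantec guide), a pre-flight script a customer could run from the prepared host before notifying the Onboarding Engineer, to confirm the egress paths in the firewall table are open. It assumes the destinations and ports exactly as the table lists them, takes the local DNS server as a parameter, and accepts the connect function as an injectable argument so it can be exercised offline; the MSS management row is omitted because its ports are not fully listed on the page.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class EgressRule:
    dest: str       # host name or IP address the LCP must reach
    proto: str      # "tcp" or "udp"
    port: int
    purpose: str    # description column from the firewall table


def lcp_rules(local_dns: str) -> list:
    """Outbound rules from the firewall table; local_dns stands in for
    the <Local DNS Server> placeholder (customer-specific value)."""
    return [
        EgressRule("liveupdate.symantecliveupdate.com", "tcp", 443, "Symantec LiveUpdate - Primary"),
        EgressRule("184.108.40.206", "tcp", 80, "Symantec MSS LiveUpdate - Secondary"),
        EgressRule(local_dns, "tcp", 53, "DNS resolution"),
        EgressRule(local_dns, "udp", 53, "DNS resolution"),
    ]


def check_rule(rule: EgressRule, connect=socket.create_connection, timeout: float = 3.0) -> dict:
    """Attempt a TCP handshake to the destination. A UDP rule cannot be proven
    open by a connect, so it is reported as 'manual' instead of open/blocked."""
    if rule.proto != "tcp":
        return {"rule": rule, "status": "manual", "detail": "UDP: verify on the firewall"}
    try:
        sock = connect((rule.dest, rule.port), timeout=timeout)
        sock.close()
        return {"rule": rule, "status": "open", "detail": ""}
    except OSError as exc:  # DNS failure, refused, timeout, unreachable
        return {"rule": rule, "status": "blocked", "detail": str(exc)}


def preflight(rules: list, connect=socket.create_connection) -> dict:
    """Check every rule; 'ready' is True only when no TCP path is blocked."""
    results = [check_rule(r, connect) for r in rules]
    blocked = [r for r in results if r["status"] == "blocked"]
    return {"results": results, "blocked": blocked, "ready": not blocked}


if __name__ == "__main__":
    report = preflight(lcp_rules("<Local DNS Server>"))  # replace with the real resolver IP
    for r in report["results"]:
        print(f"{r['status']:8} {r['rule'].proto}/{r['rule'].port:<5} {r['rule'].dest}  ({r['rule'].purpose}) {r['detail']}")
    print("READY" if report["ready"] else "BLOCKED paths remain; open them before qualification")
```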
Customer will provide MSS with a public facing IP address of the machine from which they will be downloading the ISO image.
Onboarding Engineer will provide information to download ISO image.
Customer will install the ISO image on the customer-provisioned platform designed per the technical requirement specifications above. The LCP Deployment Guide is available here.
Note: Customer will install following the instructions in the installation guide and using the relevant information provided by the Onboarding Engineer.
Customer will then notify the Onboarding Engineer that the installation has been completed and confirm with the team the relevant information for technology, such as IP address and hostname.
Onboarding Engineer will kick off the qualification process.
Once the qualification process begins, an MSS Qualification Engineer will harden the box.