Enabling Synapse correlation with Email Security.cloud
Last Updated September 25, 2018
Symantec Email Security.cloud provides detection methods and intelligence to protect your organization against zero-day threats and targeted attacks. The detection methods include malware analysis and protection against malicious URL links within emails. In addition to blocking known threats, Email Security.cloud sends copies of files of interest to the Symantec cloud-based sandboxing service for additional analysis.
Using Synapse, you can enable correlation between Symantec Advanced Threat Protection (ATP) and Email Security.cloud. When this option is enabled, Synapse collects conviction events from Email Security.cloud and correlates them with events from your other control points (such as Network, Endpoint, and Roaming). During correlation, Synapse looks for relationships based on common threats and suspicious behavior. It then correlates common events into a single incident, helping you to identify and prioritize your work. After you enable Symantec Email Security.cloud Correlation, ATP starts collecting email events within the hour. You can view information about these events in ATP Manager.
To enable correlation, your organization must have an Email Security.cloud subscription with the Email Advanced Threat Protection service enabled. This subscription must have a Symantec Email Security.cloud user logon account associated with it that has View Statistics permissions. The logon account is used to enable correlation in ATP Manager.
You can enable Symantec Email Security.cloud correlation on multiple ATP management platforms. However, you must use a different logon account on each platform.
If the credentials for this account change (for example, you change your password), you can re-enter them by disabling and re-enabling Email Security.cloud Correlation in ATP Manager.
To enable Synapse correlation with Email Security.cloud:
1. In ATP Manager, click Settings > Global.
2. In the Synapse section, check Enable Symantec Email Security.cloud Correlation.
3. In the dialog box, type the Symantec Email Security.cloud logon name and the Symantec Email Security.cloud password for your Email Security.cloud user logon account.
   The format of the user name should be three letters and four numbers (e.g., ABC1234). Symantec provides this user name when you register for the service. Also, this account should be separate from the main admin account, have the View Statistics permission, and be dedicated to ATP usage only.