Symantec Advanced Threat Protection (ATP) can forward the events and incidents that you specify to an external server. You can specify the primary host that you want to use as well as a secondary host in case the primary host is unreachable.
This feature is referred to as a "webhook" in the ATP API.
The status of the host appears in ATP Manager. Host health is updated every 5 minutes or immediately when any change in health is detected (e.g., a Healthy status changes to Critical). ATP provides notifications when the primary host fails or when both the primary host and secondary host fail.
ATP is forwarding incidents and events to the primary host.
The primary host has failed, but ATP is forwarding events and incidents to the secondary host.
The primary host has failed and there is no secondary host configured. This status also appears when both the primary host and secondary host have failed.
The status of the primary host and secondary host (if configured) cannot be determined.
ATP failed to authenticate to the primary host and the secondary host (if configured).
To configure event and incident forwarding
In ATP Manager on the Settings > Data Sharing page, in the Event and Incident Forwarding section, click Add Host.
Type the URL of the primary host and a valid user name and password that let ATP access the host.
Optionally, type the URL of a secondary host and a valid user name and password that let ATP access the host.
Specify the events and incidents that you want to forward by doing the following:
To forward all supported event types or incidents for a specific category:
Check the box beside the category type to select all of the events or incidents within the category.
To forward only specific event types and incidents for a specific category:
Click the drop-down arrow for the category, and check the events or incidents that you want to forward.
Selecting Process Launch or Process Terminate Data Recorder events can place a high demand on network resources.