You can integrate Symantec Endpoint Detection and Response with Symantec Endpoint Protection (SEP). SEP blocks malware from reaching network endpoints. If the network on which you install Symantec EDR:N is also protected by SEP, data from the Symantec Endpoint Protection Manager (SEPM) databases can be correlated with data from Symantec EDR:N, giving you a more comprehensive view of threat detection and a more accurate picture of active threats.
For example, both Symantec EDR:N and SEP may detect the same malware. When Symantec EDR:N is integrated with SEP, Synapse correlation can determine that the same threat is detected by both systems. Symantec EDR:N can determine that the malware reached and infected the endpoint, and registers the event as High priority. SEP detected the malware on the endpoint and cleaned it from the system. Synapse correlates these two events and sends the results back to Symantec EDR:N. In the Dashboard, the event status changes from High to Info because the threat has been remediated and requires no investigation.
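The correlation described above, sketched as an added example. This is not Symantec's code or schema: the field names, the matching key (endpoint IP plus file hash), and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class NetworkDetection:
    """Event raised by the network sensor (hypothetical fields)."""
    endpoint_ip: str
    sha256: str
    priority: str = "High"

@dataclass(frozen=True)
class SepEvent:
    """Row collected from the SEPM database (hypothetical fields)."""
    endpoint_ip: str
    sha256: str
    action: str

# Only an action that removed the threat counts as remediation.
REMEDIATED_ACTIONS = {"cleaned"}

def correlate(detections, sep_events):
    """Downgrade a detection to Info when SEP cleaned the same file
    on the same endpoint; everything else keeps its priority."""
    remediated = {
        (e.endpoint_ip, e.sha256.lower())
        for e in sep_events
        if e.action.lower() in REMEDIATED_ACTIONS
    }
    result = []
    for d in detections:
        if (d.endpoint_ip, d.sha256.lower()) in remediated:
            d = replace(d, priority="Info")
        result.append(d)
    return result

# Constructed sample data, not real indicators.
HASH_A, HASH_B = "a" * 64, "b" * 64
DETECTIONS = [
    NetworkDetection("10.0.0.5", HASH_A),  # SEP cleaned it
    NetworkDetection("10.0.0.6", HASH_A),  # same file, no SEP event here
    NetworkDetection("10.0.0.7", HASH_B),  # SEP saw it but did not clean it
]
SEP_EVENTS = [
    SepEvent("10.0.0.5", HASH_A.upper(), "Cleaned"),
    SepEvent("10.0.0.7", HASH_B, "left alone"),
]

if __name__ == "__main__":
    for d in correlate(DETECTIONS, SEP_EVENTS):
        print(d.endpoint_ip, d.sha256[:8], d.priority)
```

Only the first detection drops to Info. The same file on an endpoint with no SEP event, and a file SEP saw but did not clean, both stay High and still need investigation.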
Symantec EDR:N supports SEPM databases in Microsoft SQL Server database format or Sybase Server Data format.
The Symantec EDR:N database system is not compatible with the SEPM internal database format.
SEPM integration requires Symantec EDR:N to collect event logs from your SEPM databases. To integrate Symantec EDR:N with SEPM, you provide the information that allows Symantec EDR:N to connect to the SEPM database(s), and then you enable Synapse to let the data be correlated.
To integrate Symantec EDR with SEPM
In the EDR appliance console, click Admin > Global Settings.
In the SEPM panel, click + New SEPM.
Enter the following information:
The SEPM name. This field is for your information only.
The database name. This is a specific name for the database itself, not the host name. The name you enter here is case-sensitive and must exactly match the database name that is configured in SEPM.
The listening IP address for the database.
The listening port that is configured for the database.
User and Password
The user name and password that are required to authenticate directly with the database. (This is NOT the SEPM administrator user name and password.)