Symantec Email Security.cloud provides detection methods and intelligence to protect your organization against zero-day threats and targeted attacks. The detection methods include malware analysis and protection against malicious URL links within emails. In addition to blocking known threats, Email Security.cloud sends copies of files of interest to the Symantec cloud-based sandboxing service for additional analysis.
Using Synapse, you can enable correlation between Symantec Endpoint Detection and Response and Email Security.cloud. When this option is enabled, Synapse collects conviction events from Email Security.cloud. It correlates them with events from your other control points (such as Network, Endpoint, and Roaming). When you correlate these events, Synapse looks for relationships based on common threats and suspicious behavior. It then correlates common events into a single incident, helping you to identify and prioritize your work. After you enable Symantec Email Security.cloud Correlation, Symantec EDR starts collecting email events within the hour. You can view information about these events in the EDR appliance console.
To enable correlation, your organization must have an Email Security.cloud subscription in which the Email Endpoint Detection and Response service is enabled. This subscription must have a Symantec Email Security.cloud user logon account associated with it that has View Statistics permissions. The logon account is used to enable correlation in the EDR appliance console.
You can enable Symantec Email Security.cloud correlation on multiple Symantec EDR management platforms. However, you must use a different logon account on each platform.
If the credentials for this account change (for example, you change your password), you can re-enter them by disabling and re-enabling Email Security.cloud Correlation in the EDR appliance console.
To enable Synapse correlation with Email Security.cloud
1. Do one of the following:
   - In the EDR cloud console, click Settings. Under Environment, select an appliance and then click Global.
   - In the EDR appliance console, click Settings > Global.
2. In the Synapse section, check Enable Symantec Email Security.cloud Correlation.
3. In the dialog box, type the Symantec Email Security.cloud logon name and the Symantec Email Security.cloud password for your Email Security.cloud user logon account.
   The format of the user name should be three letters and four numbers (e.g., ABC1234). Symantec provides this user name when you register for the service. Also, these credentials should be separate from the main admin account, have View Statistics permission, and be dedicated to Symantec EDR usage only.