Symantec EDR: Roaming is a Symantec Web Security.cloud service that detects and blocks the threats that are embedded in unencrypted (HTTP) and SSL-encrypted (HTTPS) web traffic. EDR: Roaming inspects web traffic from both your on-LAN and off-LAN (or "roaming") users. It also sends copies of files to Symantec's cloud-based sandbox for additional analysis.
Using Synapse, you can enable correlation between Symantec Endpoint Detection and Response and EDR: Roaming. When you enable EDR: Roaming, Synapse collects events from EDR: Roaming and correlates them with events from your other control points (such as Network, Endpoint, and Email). When Symantec EDR correlates these events, it looks for relationships based on common threats and suspicious behavior. It then aggregates common threat events into a single incident, helping you to identify and prioritize your work. After you enable EDR: Roaming Correlation, Symantec EDR starts collecting events within the hour. You can view information about these events in EDR appliance console.
To enable correlation, your organization must have a licensed Symantec.cloud account for which Symantec EDR: Roaming is enabled. This account must have a Symantec Web Security.cloud user logon account associated with it that has View Statistics permissions.
To enable Synapse correlation with Symantec EDR: Roaming
Do one of the following:
In the EDR cloud console, click Settings. Under Environment, select an appliance and then click Global.
In the EDR appliance console, click Settings > Global.
In the Synapse section, check Enable Roaming Correlation.
In the dialog box, type the Symantec Web Security.cloud logon name and the Symantec Web Security.cloud password for your Web Security.cloud account.
The format of the user name should be three letters and four numbers (e.g., ABC1234). Symantec provides this user name when you register for the service. Also, these credentials should be separate from the main admin account, have View Statistics permission, and be dedicated to Symantec EDR usage only.