This topic lists the tasks that you must perform to integrate Symantec Endpoint Detection and Response with SEP. Before you perform these tasks, make sure that your SEP environment meets the necessary requirements.
For Symantec EDR to collect logs from SEP, you must prepare your SEPM database so that Symantec EDR can access it remotely. The tasks that you perform depend on which database SEP uses:
External Microsoft SQL Server database
Microsoft SQL Server supports remote access. Symantec strongly recommends that you create a read-only account on this database so that Symantec EDR can access it. Alternatively, you can let Symantec EDR access it using your DB administrator (sa) credentials.
Embedded database
The SEPM embedded database does not support remote access. For Symantec EDR to access this database, you must download the Synapse Log Collector in the console and then install it on your database computer.
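The following T-SQL is an added example, not taken from Symantec's documentation. It shows one way to create the recommended read-only account on the external Microsoft SQL Server database and to confirm that the account can read but cannot write or administer the server. The login name `edr_readonly`, the database name `SEPM_DB_PLACEHOLDER`, the password placeholder, and the choice of the `db_datareader` role are assumptions; substitute the values for your environment.

```sql
-- Added example: least-privilege SQL Server account for Symantec EDR log collection.
-- Assumptions (not from the page): login name edr_readonly, database name
-- SEPM_DB_PLACEHOLDER, and that db_datareader membership is sufficient for log reads.

USE [master];
CREATE LOGIN [edr_readonly]
    WITH PASSWORD = N'<REPLACE_WITH_GENERATED_PASSWORD>',  -- placeholder, never reuse sa's
         CHECK_POLICY = ON,                                 -- enforce the host password policy
         DEFAULT_DATABASE = [SEPM_DB_PLACEHOLDER];

USE [SEPM_DB_PLACEHOLDER];
CREATE USER [edr_readonly] FOR LOGIN [edr_readonly];
ALTER ROLE [db_datareader] ADD MEMBER [edr_readonly];      -- SELECT on all user tables, nothing else

-- Check 1: the login must not hold the sysadmin server role.
SELECT CASE WHEN IS_SRVROLEMEMBER('sysadmin', 'edr_readonly') = 0
            THEN 'PASS' ELSE 'FAIL' END AS not_sysadmin;

-- Check 2: list every database role the user belongs to; only db_datareader should appear.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'edr_readonly';

-- Check 3: evaluate effective permissions as the new user.
EXECUTE AS USER = 'edr_readonly';
SELECT
    CASE WHEN HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT') = 1
         THEN 'PASS' ELSE 'FAIL' END AS can_read,
    CASE WHEN HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT') = 0
          AND HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'UPDATE') = 0
          AND HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'DELETE') = 0
         THEN 'PASS' ELSE 'FAIL' END AS cannot_write,
    CASE WHEN HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER') = 0
         THEN 'PASS' ELSE 'FAIL' END AS cannot_alter;
REVERT;
```

Run the script as a SQL Server administrator; any `FAIL` in the check results means the account holds more than read access and should be corrected before its credentials are entered in Symantec EDR.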
For Symantec EDR to communicate with SEPM, you must configure a connection from Symantec EDR to SEPM.
The connection serves these purposes:
Administrative changes, such as changes to the whitelist or blacklist made through Symantec EDR, are sent to SEPM through the SEPM Controller connection.
Information about the endpoints managed by SEPM is retrieved through the SEPM Controller connection so that it can be associated with event data. For example, computer names that are stored by SEPM can be correlated to IP addresses in event messages.
The workflow for configuring the connection to SEPM depends on which version of Endpoint Communications Channel (ECC) the SEPM uses (version 1 or version 2). The version of ECC that you use is based on the version of SEP that your clients run.
In the console, add SSL certificates for secure communication between endpoints and Symantec EDR, if needed.
If secure communication between endpoints and Symantec EDR is needed when Symantec EDR acts as a proxy for endpoint network communication, you can upload the SSL certificates that may be required to secure the communication.