1 |
On SEPM, prepare the database for log collection. |
For Symantec EDR to collect logs from SEP, you must prepare your SEPM database so that Symantec EDR can access it remotely. The tasks that you perform depend on which database SEP uses:
- External Microsoft SQL Server database: Microsoft SQL Server supports remote access. Symantec strongly recommends that you create a read-only account on this database so that Symantec EDR can access it. Or, you can let Symantec EDR access it using your DB administrator (sa) credentials. See Creating a SEPM SQL Server database account for Symantec EDR.
- SEPM embedded database: The SEPM embedded database does not support remote access. For Symantec EDR to access this database, you must download the Synapse Log Collector in the console and then install it on your database computer. See Installing the Synapse Log Collector for the SEPM Embedded Database.
|
2 |
In the console, enable Synapse correlation with SEP. |
For Symantec EDR to connect to your SEPM database, you must enable SEP Correlation.
Do one of the following:
- In the EDR cloud console, click , select an appliance, and then click .
- In the EDR appliance console, click .
Check Enable SEP Correlation.
See About Synapse correlation. |
3 |
In the console, configure a connection to the SEPM database. |
For Symantec EDR to connect to your SEPM database, you must configure a connection from Symantec EDR to that database. See Configuring the connection to the SEPM database. |
4 |
In the console, configure a connection to SEPM. |
For Symantec EDR to communicate with SEPM, you must configure a connection from Symantec EDR to SEPM. The connection serves these purposes:
- Administrative changes, such as changes to the whitelist or blacklist made through Symantec EDR, are sent to SEPM through the SEPM Controller connection.
- Information about the endpoints managed by SEPM is retrieved through the SEPM controller connection so that it can be associated with event data. For example, computer names that are stored by SEPM can be correlated to IP addresses in event messages.
See About configuring the connection to SEPM. The workflow for configuring the connection to SEPM depends on which version of Endpoint Communications Channel (ECC) the SEPM uses (version 1 or version 2). The version of ECC that you use is based on the version of SEP that your clients run. See About Endpoint Communications Channel (ECC). See Enabling ECC 2.0. |
5 |
In SEPM, configure endpoints to send information to the Symantec EDR management node. |
For Symantec EDR to act as a proxy for SEP endpoint computers, you must configure your endpoints to send event data to Symantec EDR through the private cloud setting. See Configuring endpoints in SEPM to communicate with Symantec EDR. |
6 |
In the console, add SSL certificates for secure communication between endpoints and Symantec EDR, if needed. |
If secure communication between endpoints and Symantec EDR is needed when Symantec EDR acts as a proxy for endpoint network communication, you can upload the SSL certificates that may be required to secure the communication. See Securing communication between endpoints and Symantec EDR. |
7 |
In the console, specify whether you have replicating databases in SEPM. |
If you have replicating databases in SEPM, you must check the option.
Do one of the following:
- In the EDR cloud console, click , select an appliance, and then click .
- In the EDR appliance console, click .
In the section, check .
See Configuring Symantec EDR to work with replicating SEPM sites. |
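
For step 1, the read-only account that Symantec recommends over the DB administrator (sa) credentials could be created and checked along these lines. This is an added example, not Symantec's documented procedure: the login name edr_readonly, the database placeholder sepm_db, the use of SQL Server authentication, and the assumption that db_datareader membership gives sufficient access are all assumptions, and the referenced topic remains the source for the exact requirements.

```sql
-- Added example. Assumed names (not from the page):
--   edr_readonly : hypothetical login used only by Symantec EDR
--   sepm_db      : placeholder, substitute the name of your SEPM database
USE [master];
GO

-- Dedicated SQL Server login, subject to the Windows password policy.
CREATE LOGIN [edr_readonly]
    WITH PASSWORD = N'<replace-with-a-long-random-password>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = [sepm_db];
GO

USE [sepm_db];
GO

-- Map the login into the SEPM database only, with read access and nothing else.
CREATE USER [edr_readonly] FOR LOGIN [edr_readonly];
ALTER ROLE [db_datareader] ADD MEMBER [edr_readonly];
GO

-- Check effective rights by impersonating the new user.
-- Any write, DDL or ownership capability reported here means the account
-- is over-privileged for log collection.
EXECUTE AS USER = N'edr_readonly';
SELECT
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT')  AS can_select,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT')  AS can_insert,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'UPDATE')  AS can_update,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'DELETE')  AS can_delete,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER')   AS can_alter,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'EXECUTE') AS can_execute,
    IS_ROLEMEMBER('db_owner')                           AS is_db_owner;
REVERT;
GO

-- Confirm that the login holds no server-level administrative role.
SELECT
    IS_SRVROLEMEMBER('sysadmin', 'edr_readonly')      AS is_sysadmin,
    IS_SRVROLEMEMBER('securityadmin', 'edr_readonly') AS is_securityadmin;
GO
```

Run the script in SQL Server Management Studio or sqlcmd as a database administrator, then enter the new account, rather than sa, when you configure the connection to the SEPM database in step 3.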