Many thanks for submitting your request; SEP 11 is a frequently asked Event Source.
We are planning support for Symantec SEP V11 Fall 08 via a new innovative delivery mechanism.
More details soon
Many thanks and keep these questions coming.
Any updates on the SEPv11 availability?
Good catch. I've been finding that our reports haven't quite worked as well in 10 as in 11. This was my SQL for a report to show just the basic information about what has been detected.
VirusName NOT LIKE ''
Has anyone been able to get logs for any of the IPS type of alerts? I have all the security logging enabled in the console but it still hasn't been sent to enVision, even in the raw log format. Still researching it though.
Bump. Anyone able to create any IPS or, in the SEP world, "network threat protection" type of reports at all? I actually get the raw IDS, or NTP event, but can never get it to show up in EE or parse it for any report.
I don't think all of the modules are supported. I created a SEP11 UDS called SymantecEP to cover what I haven't seen in the official release. The most recent addition was parsing for logging file writes and blocking. I don't know if you should use it as an end-all-be-all, but until RSA gets all of the messages in the Symantec AV XML you might add some of my messages to cover you.
Thank you for the updated device XML. I've passed that along to the team and we'll work on including these messages. Would you be able to share any event logs so the QA team can validate the changes?
Sure thing. Here are some sanitized samples of my most recent addition. I will see what else I can find. The installation is fairly quiet.