We're planning to add our Symantec Endpoint Protection management server to enVision. The Device Configuration indicates we can select from a variety of SEPM logs:
Management Server Logs
- System Administrative Log
-System Client-Server Activity Log
-System Server Activity Log
- Client Activity Log
- Security Log
- Traffic Log
- Packet Log
- Control Log
- Scan Log
- Risk Log
- Proactive Threat Protection Log
1) Do we need the client logs to see virus/malware activity, or is that information encapsulated in the Management Server logs?
2) If we do grab client logs, does SEPM still count as one device in enVision, or do we have to account for each SEPM clients individually in enVision?