Symantec
About Symantec and DeepSight Intelligence
Symantec Corporation (NASDAQ: SYMC) is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.
Symantec’s DeepSight Intelligence arms security teams with actionable insights that provide a deeper understanding of the threat landscape so companies can better anticipate and mitigate cybersecurity risk.
Specialties
Integrations
Symantec Endpoint Detection and Response (EDR)
The integration between ThreatConnect and Symantec Endpoint Detection and Response allows users to perform a plethora of actions in Symantec EDR as part of SOC/IR processes. Some notable actions include adding IOCs to Blacklists, detonating files, and isolating infected hosts as part of an investigation. The following actions are available in the Platbooks app:
- EOC File Search
- Create, Delete, Get & Update Blacklist
- Create, Delete, Get & Update Whitelist
- Detonate File
- EOC Search
- Get Entities
- Get Entities by Type
- Get Entities Instances by Type
- Get Entities Specific Instances by Type
- Get Events
- Get File Activity
- Get File Events
- Get File Entities
- Get Blacklist
- Get File For File Store
- Get Incidents
- Get Incident Comments
- Isolate & Unisolate
- Recorder Search
- Update Incident Comment
- Update Incident Resolution
- Update Incident Status to Close
- This app is a set of Symantec EDR Actions.
This listing can be found in the ThreatConnect App Catalog under the name Symantec Endpoint Detection and Response (EDR).
Built By ThreatConnect
Symantec Endpoint Protection
- EOC File Search
- Get Baseline
- Get Computers
- Get File Details
- Get File
- Quarantine & Undo Quarantine
- Update Content
Built By ThreatConnect