
Symantec

About Symantec and DeepSight Intelligence

Symantec Corporation (NASDAQ: SYMC) is the global leader in cybersecurity. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives.

Symantec’s DeepSight Intelligence arms security teams with actionable insights that provide a deeper understanding of the threat landscape so companies can better anticipate and mitigate cybersecurity risk.

Integrations

Symantec Endpoint Detection and Response (EDR)

The integration between ThreatConnect and Symantec Endpoint Detection and Response allows users to perform a plethora of actions in Symantec EDR as part of SOC/IR processes. Some notable actions include adding IOCs to Blacklists, detonating files, and isolating infected hosts as part of an investigation. The following actions are available in the Playbooks app:

  • EOC File Search
  • Create, Delete, Get & Update Blacklist
  • Create, Delete, Get & Update Whitelist
  • Detonate File
  • EOC Search
  • Get Entities
  • Get Entities by Type
  • Get Entities Instances by Type
  • Get Entities Specific Instances by Type
  • Get Events
  • Get File Activity
  • Get File Events
  • Get File Entities
  • Get Blacklist
  • Get File For File Store
  • Get Incidents
  • Get Incident Comments
  • Isolate & Unisolate
  • Recorder Search
  • Update Incident Comment
  • Update Incident Resolution
  • Update Incident Status to Close

This app is a set of Symantec EDR Actions.

This listing can be found in the ThreatConnect App Catalog under the name Symantec Endpoint Detection and Response (EDR).


Built By ThreatConnect

Symantec Endpoint Protection

The integration between ThreatConnect and Symantec Endpoint Protection (SEP) allows users to perform multiple actions in Symantec Endpoint Protection Management. The following actions are available:
  • EOC File Search
  • Get Baseline
  • Get Computers
  • Get File Details
  • Get File
  • Quarantine & Undo Quarantine
  • Update Content

This listing can be found in the ThreatConnect App Catalog under the name Symantec Endpoint Protection.

Built By ThreatConnect
