Splunk® Supported Add-ons

Splunk Add-on for Symantec Endpoint Protection


Source types for the Splunk Add-on for Symantec Endpoint Protection

The Splunk Add-on for Symantec Endpoint Protection collects data from two sources:

  • Local SEPM dump files
  • Splunk Connect for Syslog

The Splunk Add-on for Symantec Endpoint Protection applies the following source types. Source types ending in ":file" apply to monitor inputs on the local SEPM dump files; source types ending in ":syslog" apply to the same log categories when they arrive through Splunk Connect for Syslog. The CIM compatibility column lists the Common Information Model data model, if any, that the add-on maps each source type to.

Source type                     Description                                                         CIM compatibility
symantec:ep:behavior:file       Application and device control log data from agt_behavior.tmp.      Malware
symantec:ep:agent:file          Server client log data from scm_agent_act.tmp.                      None
symantec:ep:scm_system:file     Server system data from scm_system.tmp.                             None
symantec:ep:proactive:file      Client proactive threat log data from agt_proactive.tmp.            Malware
symantec:ep:risk:file           Client risk log data from agt_risk.tmp.                             Malware
symantec:ep:scan:file           Client scan log data from agt_scan.tmp.                             None
symantec:ep:security:file       Client security log data from agt_security.tmp.                     Intrusion Detection
symantec:ep:agt_system:file     Client system log data from agt_system.tmp.                         None
symantec:ep:policy:file         Server policy log data from scm_policy.tmp.                         None
symantec:ep:admin:file          Server administration log data from scm_admin.tmp.                  Authentication
symantec:ep:traffic:file        Client traffic log data from agt_traffic.tmp.                       Network Traffic, Intrusion Detection
symantec:ep:packet:file         Client packet log data from agt_packet.tmp.                         None
symantec:ep:admin:syslog        Server administration log data from scm_admin syslog.               Authentication
symantec:ep:agent:syslog        Server client log data from scm_agent_act syslog.                   None
symantec:ep:agt:system:syslog   Client system log data from agt_system syslog.                      None
symantec:ep:behavior:syslog     Application and device control log data from agt_behavior syslog.   Malware
symantec:ep:packet:syslog       Client packet log data from agt_packet syslog.                      None
symantec:ep:policy:syslog       Server policy log data from scm_policy syslog.                      None
symantec:ep:proactive:syslog    Client proactive threat log data from agt_proactive syslog.         Malware
symantec:ep:risk:syslog         Client risk log data from agt_risk syslog.                          Malware
symantec:ep:scan:syslog         Client scan log data from agt_scan syslog.                          None
symantec:ep:scm:system:syslog   Server system data from scm_system syslog.                          None
symantec:ep:security:syslog     Client security log data from agt_security syslog.                  Intrusion Detection
symantec:ep:traffic:syslog      Client traffic log data from agt_traffic syslog.                    Network Traffic, Intrusion Detection
Last modified on 30 October, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released

