Symantec Information Centric Analytics Symantec ICT Integration Guide. Version 6.5


Symantec ICA Symantec ICT Integration Guide, powered by Bay Dynamics
Product version 6.5
Documentation version: 1
This document was last updated on: July 3, 2018.

Copyright 2018 Symantec Corporation. All rights reserved. BAY DYNAMICS is a registered trademark of Bay Dynamics, Inc. Other names may be trademarks of their respective owners. Symantec, the Symantec Logo, the Checkmark Logo, Enterprise Vault, Compliance Accelerator, and Discovery Accelerator are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Software file accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043
http://www.symantec.com

Contents

Preface 6
    Related Documentation 6
    Style Conventions 6
Chapter 1: Overview of Symantec ICT Integration Pack 8
Chapter 2: Using the Integration Wizard 10
    Task 1: Configuring a Data Source 11
    Task 2: Creating a Query 12
    Task 3: Creating a Data Integration 16
    Task 4: Processing the Query Data 16
Appendix A: Integration Wizard Mappings for Symantec ICT Data 18
    Required Symantec ICT Fields 18
    Optional Symantec ICT Fields 18
    Create and Associate Symantec ICT Fields 19

Preface

This guide is for Symantec ICA administrators. It provides guidance about how to install and configure the Symantec ICT integration pack.

Related Documentation

The following books provide additional information about Symantec ICA:
    Symantec ICA User Guide
    Symantec ICA Administration Guide
    Symantec ICA Dashboard Designer Guide
    Symantec ICA Integration Guide
    Symantec ICA Cube Reference
    Symantec ICA Release Notes
    Symantec ICA integration guides

Style Conventions

This guide uses the following style conventions:

    Element             Meaning
    Bold                Signifies user interface elements.
    Italic              Indicates the titles of books and other substantial publications, or a placeholder variable.
    Monospace Italic    Indicates placeholder sets that represent variables in code examples.
    Monospace           Defines code and script samples, and characters typed exactly as shown, including commands, switches, and file names.
    NOTE                Alerts the reader to supplementary information.

Chapter 1: Overview of Symantec ICT Integration Pack

The Symantec ICA Symantec ICT integration pack pulls the Symantec ICT data directly from the relational database. Symantec ICA uses the data to update the relevant data in motion incident data in the core logical data warehouse (LDW).

The following process describes how the Symantec ICT data stored in the relational database server is transferred to the Symantec ICA database:

NOTE: In this document, the relational database is a Microsoft SQL Server database.

1. The Symantec ICT data is collected in the Microsoft SQL Server database.
2. The Symantec ICA integration wizard queries data from the Microsoft SQL Server instance using a client connection.
3. The integration wizard parses the data and inserts it into the appropriate tables in the Symantec ICA relational database.
4. Symantec ICA uses the data as its source for data in motion incident analysis.

Chapter 2: Using the Integration Wizard

Symantec ICA pulls Symantec ICT data by connecting directly to the Microsoft SQL Server instance to extract, incorporate, and federate the data within Symantec ICA. This one-way pull of data allows the Symantec ICT data to be used together with the data already collected by the Symantec ICA platform, providing additional context for advanced reporting and behavior analytics. This integration is a critical component for realizing the benefit of Symantec ICA for management and bulk remediation of user incidents, as well as for highlighting prioritized events and top offenders in your environment.

Administrators use the Symantec ICA integration wizard to define integration packs for their environment. The wizard has one section for data sources and one section for data integration mappings. The data source section defines how data is brought to Symantec ICA and loaded into a staging table. The data integrations section defines how the data is mapped from the staging table to a Symantec ICA logical data warehouse (LDW) table. There are tasks associated with each section, and all tasks must be completed to define an integration pack.

The following tasks describe how to use the integration wizard:
    Task 1: Configuring a Data Source
    Task 2: Creating a Query
    Task 3: Creating a Data Integration
    Task 4: Processing the Query Data

Collect the following information before using the integration wizard:
    Microsoft SQL Server name: Name of the server.
    Microsoft SQL Server database name: Name of the database that has the data.
    Server port: HTTP port for Microsoft SQL Server. The default port is 1433 for Microsoft SQL Server.
    User name: User name to connect to Microsoft SQL Server.
    Password: Password associated with the user connecting to Microsoft SQL Server.
    API Server: Name of the SQL Server API server.
    API Port: API port for SQL Server.
    Proxy: HTTP connection proxy, if one is used in the environment.
    API Login: Log-in name for the SQL Server API connection.
    API Password: Password associated with the user connecting to Microsoft SQL Server.

Task 1: Configuring a Data Source

A data source is a database or API source that can connect to the Symantec ICA database. Configuring a data source involves first identifying the source and then writing a query to pull data. A data source can be associated with more than one query; however, a query can only be related to one data source.

When designing the query for the data source, do the following:
    Ensure the query compiles and runs against the data source.
    Cast the data types as follows:
        Integer data types to the int data type, for example:
            SELECT CAST(EP.EPEventID AS int) AS SourceEventID
        NVARCHAR data types to the NVARCHAR data type, for example:
            SELECT CAST(DIP.Name AS nvarchar(100)) AS DestinationIPAddress
        DATETIME data types to date, for example:
            SELECT CAST(EP.EventDate AS datetime) AS EventDate
    Include a date and an event identifier in the query.

To configure the data source for an integration pack, do the following:
1. Ensure that the server name, database name, port, log-in name, and password for the data source are available.
2. Ensure that the query that will run on the data source is available and returns the correct results.
3. In the Symantec ICA administration console, select Integration, and then select Data Sources.
4. Click Create Data Source.
5. Select SQL Server IW.
6. Enter the data source label. The data source label is displayed in the integration wizard. It does not affect the data integration.

7. Enter the following information based on the SQL Server source:
    Server Name: Name of the Microsoft SQL Server.
    SQL Database Name: Name of the Microsoft SQL Server database that has the source data.
    Server Port: HTTP port, if different from the default port of 1433.
    Authentication mode: Options are Windows/Active Directory and User/Pass. If User/Pass is selected, then enter the following:
        Username: User name for the Microsoft SQL Server connection.
        Password: Password for the Microsoft SQL Server user.
8. Click Save to save the data source.

Task 2: Creating a Query

To create a query to pull data from a Microsoft SQL Server table, do the following:
1. Right-click the data source, and select Create Query.
2. Enter the query name and description.
3. Enter the query statement. The following is an example of a Symantec ICT query:

    WITH EmailAtt AS (
        -- One row per attachment, keyed back to its e-mail log entry
        SELECT EmailAttachments.emailatt_fileName,
               EmailAttachments.emailatt_id,
               EmailAttachments.emailatt_guid,
               EmailAttachments.classification_id,
               EmailLogs_EmailAttachments.emaillog_id
        FROM EmailLogs_EmailAttachments
        INNER JOIN EmailAttachments
            ON EmailAttachments.emailatt_id = EmailLogs_EmailAttachments.emailatt_id
        LEFT JOIN Classifications
            ON EmailAttachments.classification_id = Classifications.classification_id
    ),
    EmailRecipientList AS (
        -- To, Cc and Bcc recipients, one row per recipient address
        SELECT EmailLogs.emaillog_id, EmailAddresses_TO.emailaddr_address AS RecipientIdentifier
        FROM EmailLogs
        INNER JOIN EmailToAddresses
            ON EmailToAddresses.emaillog_id = EmailLogs.emaillog_id
        INNER JOIN EmailAddresses EmailAddresses_TO
            ON EmailAddresses_TO.emailaddr_id = EmailToAddresses.emailaddr_id
        UNION ALL
        SELECT EmailLogs.emaillog_id, EmailAddresses.emailaddr_address AS RecipientIdentifier
        FROM EmailLogs
        INNER JOIN EmailCcAddresses
            ON EmailCcAddresses.emaillog_id = EmailLogs.emaillog_id
        INNER JOIN EmailAddresses EmailAddresses
            ON EmailAddresses.emailaddr_id = EmailCcAddresses.emailaddr_id
        UNION ALL
        SELECT EmailLogs.emaillog_id, EmailAddresses.emailaddr_address AS RecipientIdentifier
        FROM EmailLogs
        INNER JOIN EmailBCcAddresses
            ON EmailBCcAddresses.emaillog_id = EmailLogs.emaillog_id
        INNER JOIN EmailAddresses EmailAddresses
            ON EmailAddresses.emailaddr_id = EmailBCcAddresses.emailaddr_id
    )
    SELECT DISTINCT
        LogEntries.logentry_id                    AS SourceIncidentID,
        LogEntries.logentry_clientDate            AS OccurredDate,
        LogEntries.logentry_serverDate            AS IncidentDate,
        EmailLogs.logentry_id                     AS SourceAuditLogID,
        EmailLogs.emaillog_subject                AS MessageSubject,
        EmailLogs.emaillog_fromAddress            AS SenderEmailAddress,
        EmailLogs.emaillog_fromAddress            AS SenderAccountName,
        EmailRecipientList.RecipientIdentifier    AS RecipientEmailList,
        EmailLogs.classification_id               AS SourcePolicyID,
        EmailLogs.classification_id               AS SourceRuleID,
        EmailLogs.prev_classification_id          AS PreviousSourcePolicyID,
        Plugins.plugin_id                         AS SourceAgentTypeID,
        Plugins.plugin_name                       AS AgentType,
        (CONVERT(nvarchar(20), PluginVersions.pluginversion_major)
            + '.' + CONVERT(nvarchar(20), PluginVersions.pluginversion_minor)
            + '.' + CONVERT(nvarchar(20), PluginVersions.pluginversion_subminor)) AS AgentVersion,
        Classifications.classification_fullName   AS SourcePolicyName,
        Classifications.classification_fullName   AS SourceRuleName,
        Classifications.classification_configID   AS SourcePolicyVersionID,
        Classifications.classification_confOrder  AS SourceSeverityID,
        Classifications.classification_levelName  AS SeverityName,
        AppliedRules.ruletype_id                  AS SourceActionID,
        AppliedRuleTypes.ruletype_description     AS SourceActionName,
        EmailAtt.emailatt_fileName                AS [FileName],
        EmailAtt.emailatt_id                      AS FileID,
        EmailAtt.emailatt_guid                    AS SourceFileGuid,
        'SMTP'                                    AS ProtocolName,
        'Tagging'                                 AS ChannelName,
        1                                         AS MatchCount,
        'New'                                     AS StatusName
    FROM EmailLogs
    INNER JOIN EmailRecipientList
        ON EmailRecipientList.emaillog_id = EmailLogs.emaillog_id
    INNER JOIN LogEntries
        ON LogEntries.logentry_id = EmailLogs.logentry_id
    INNER JOIN Plugins
        ON Plugins.plugin_id = LogEntries.plugin_id
    INNER JOIN PluginVersions
        ON PluginVersions.pluginversion_id = LogEntries.pluginversion_id
    LEFT JOIN EmailCcAddresses
        ON EmailCcAddresses.emaillog_id = EmailLogs.emaillog_id
    LEFT JOIN EmailAddresses EmailAddresses_CC
        ON EmailAddresses_CC.emailaddr_id = EmailCcAddresses.emailaddr_id
    LEFT JOIN Classifications
        ON Classifications.classification_id = EmailLogs.classification_id
    LEFT JOIN AppliedRules
        ON AppliedRules.rule_id = EmailLogs.rule_id
    LEFT JOIN AppliedRuleTypes
        ON AppliedRuleTypes.ruletype_id = AppliedRules.ruletype_id
    LEFT JOIN EmailAtt
        ON EmailAtt.emaillog_id = EmailLogs.emaillog_id
    WHERE EmailLogs.classification_id IS NOT NULL

4. Enter a name for the staging table. The name should include the stg_ prefix and identify the client and entity, such as Stg_<ClientName><EntityName>. If the table name field is left blank, then a number is generated for the table name, such as stg_11.
5. (Optional) Test the query and review the results, as follows:
    a. Click Test Query.
    b. Enter the sample size and timeout value.
    c. Click Run. The query runs or returns an error. If the query runs, then the results are shown in the Query Results field.
    d. Adjust the query and run it again, if needed.
    e. When the query meets your requirements, click Use Query. Any changes to the original query are transferred to the Data Source Query Editor. The updated query is not saved until Save is clicked.
6. Enter the timeout interval in seconds.
7. Click Save. Clicking Save runs the query and creates the table. The Watermarking/Scheduling page opens.
8. Enter the watermark column and value. The integration wizard uses the watermark to pull only records whose value in the given field is greater than the value provided. The watermark should be a unique, incremental value. If no watermark field is specified, all data is queried and uploaded each time the query runs.
9. Set the initial run for a date and time.
10. Set the frequency of the query. Data source processing is separate from the nightly job processing. Bay Dynamics recommends setting the processing interval to Daily.
11. Click Save.
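As an added example (not from the guide or its authors), the following T-SQL applies the Task 1 casting rules to a cut-down form of the query above and makes the watermark behaviour of step 8 explicit. Table and column names are those the guide's own query uses; the uniqueness check, the @LastWatermark variable, and the idea that the wizard's filter amounts to a "greater than" predicate on the chosen column are assumptions for illustration, not documented wizard internals.

```sql
-- Added example, not part of the Symantec ICT Integration Guide.
-- Tables and columns (LogEntries, EmailLogs, Classifications, ...) are the
-- ones used by the guide's sample query; everything else is assumed.

-- 1. Before choosing logentry_id as the watermark column, confirm it is
--    unique and increasing. Repeated or non-monotonic values would make an
--    incremental pull skip rows or re-import them on every run.
SELECT
    COUNT(*)                    AS TotalRows,
    COUNT(DISTINCT logentry_id) AS DistinctIds,   -- expect = TotalRows
    MIN(logentry_id)            AS LowestId,
    MAX(logentry_id)            AS HighestId      -- candidate for the next watermark
FROM LogEntries;

-- 2. Incremental pull: only rows above the last stored watermark, with every
--    column cast to the type the staging table and the Appendix A mapping
--    expect (int / nvarchar(n) / datetime, per Task 1).
DECLARE @LastWatermark int = 0;   -- assumed: 0 means initial full load

SELECT
    CAST(LogEntries.logentry_id                  AS int)            AS SourceIncidentID,
    CAST(LogEntries.logentry_clientDate          AS datetime)       AS OccurredDate,
    CAST(LogEntries.logentry_serverDate          AS datetime)       AS IncidentDate,
    CAST(EmailLogs.emaillog_subject              AS nvarchar(1024)) AS MessageSubject,
    CAST(EmailLogs.emaillog_fromAddress          AS nvarchar(4000)) AS SenderIdentifier,
    CAST(EmailLogs.classification_id             AS nvarchar(100))  AS SourcePolicyID,
    CAST(Classifications.classification_fullName AS nvarchar(100))  AS SourcePolicyName,
    CAST(EmailLogs.classification_id             AS nvarchar(100))  AS SourceRuleID,
    CAST(Classifications.classification_fullName AS nvarchar(100))  AS SourceRuleName,
    CAST(1                                       AS bigint)         AS MatchCount
FROM EmailLogs
INNER JOIN LogEntries
    ON LogEntries.logentry_id = EmailLogs.logentry_id
LEFT JOIN Classifications
    ON Classifications.classification_id = EmailLogs.classification_id
WHERE EmailLogs.classification_id IS NOT NULL
  AND LogEntries.logentry_id > @LastWatermark   -- the watermark predicate
ORDER BY SourceIncidentID;   -- ascending, so the last row carries the new watermark
```

The required RecipientIdentifier field is deliberately left out here; the guide's full query derives it from the EmailRecipientList CTE, which this cut-down form does not repeat.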

Task 3: Creating a Data Integration

A data integration pulls specific data from a data source and maps the data to Symantec ICA fields. First, an integration pack is created, then an import rule is defined, and then the rule is mapped to fields in a Symantec ICA LDW table.

To create a data integration using the integration wizard, do the following:
1. In the Symantec ICA administration console, select Integration.
2. Select the Data Integrations tab.
3. Click Create Integration Pack.
4. Enter a name and description for the pack, and click Save.
5. Right-click the integration pack, and select Create Import Rule.
6. Enter a name and description for the rule.
7. (Optional) Create additional import rules, as needed.
8. Right-click the import rule, and select Create Import Rule Mapping.
9. Enter or set the following items:
    Mapping Name: Name of the mapping.
    Description: Description of the mapping.
    Data Source: Data source. Available data sources are listed in the field.
    Query: Query associated with the data source. Available queries are listed in the field.
    Symantec ICA Processing Watermark: Leave this field blank.
    Run Intra-day: Select Yes or No. This field refers to the nightly processing job.
    Run Order: Order of the import process compared to other processes.
    Entity Type: Select DIM Incidents.
    Create Entities: Select Yes to create new entities. If set to No, then select the entity key.
10. Map the source fields to the listed Symantec ICA fields. The listed fields are specific to the entity type. The required fields must be mapped. Additional fields can be set in the Source to Symantec ICA Entity Mappings section. See Also: Refer to the mapping tables in the appendix for mapping information.
11. Click Save.

Task 4: Processing the Query Data

The query data must be processed using the nightly job after the data integration is created. Until the nightly processing job has run, the data is not imported into Symantec ICA.

To run the nightly processing job, do the following:
1. Log in to Microsoft SQL Server, and connect to Database Engine.
2. Expand SQL Server Agent, and then expand Jobs.
3. Process the Symantec ICA processing job as follows:
    a. Right-click the Symantec ICA Processing job, and select Start Job at Step.
    b. Select Step 1 of the Symantec ICA Processing Job, and click Start. This process takes some time to complete. Wait until the process finishes before continuing this procedure. This job performs daily processing on several cubes.
4. Close the job processing window.
5. Double-click Job Activity Monitor.
6. Use the refresh option to view the progress of the job.

Appendix A: Integration Wizard Mappings for Symantec ICT Data

The following tables list the required and optional fields for mapping data from the Symantec ICT source table to the Symantec ICA staging table.

Required Symantec ICT Fields

The following fields are required when mapping from Symantec ICT:

    Entity Column        Format           Type           Value
    IncidentDate         DATETIME         Source Column  IncidentDate
    MatchCount           BIGINT (19,0)    Source Column  matchcount
    RecipientIdentifier  NVARCHAR (4000)  Source Column  recipientidentifier
    SenderIdentifier     NVARCHAR (4000)  Source Column  senderidentifier
    SourceIncidentID     NVARCHAR (36)    Source Column  SourceIncidentID
    SourcePolicy         NVARCHAR (100)   Source Column  sourcepolicyid
    SourcePolicyName     NVARCHAR (100)   Source Column  SourcePolicyName
    SourceRuleID         NVARCHAR (100)   Source Column  sourceruleid
    SourceRuleName       NVARCHAR (100)   Source Column  sourcerulename

Optional Symantec ICT Fields

The following fields are optional when mapping from Symantec ICT:

    Entity Column            Format           Type           Value
    AgentName                NVARCHAR (50)    Source Column
    AgentType                NVARCHAR (50)    Source Column
    AgentVersion             NVARCHAR (50)    Source Column
    DocumentType             NVARCHAR (20)    Source Column
    FileName                 NVARCHAR (4000)  Source Column  filename
    FileSize                 BIGINT (19,0)    Source Column
    IsArchived               BIT              Source Column
    OccurredDate             DATETIME         Source Column
    SourceAgentID            NVARCHAR (36)    Source Column
    SourceComputerKey        NVARCHAR (36)    Source Column
    SourceMessageID          BIGINT (19,0)    Source Column
    SourcePolicyDescription  NVARCHAR (200)   Source Column
    SourceRuleDescription    NVARCHAR (2000)  Source Column

Create and Associate Symantec ICT Fields

The following fields are optional when mapping from Symantec ICT:

    Object                                 Entity Column                           Format           Type           Value
    IP Addresses                           DestinationIPAddress                    NVARCHAR (100)   Source Column
    IP Addresses                           SourceIPAddress                         NVARCHAR (100)   Source Column
    Users                                  SourceAccountName                       NVARCHAR (256)   Source Column  SourceAccountName
    Users                                  SourceNetBIOSDomain                     NVARCHAR (256)   Source Column  SourceNetBIOSDomain
    Computer Endpoints                     SourceHostName                          NVARCHAR (256)   Source Column
    DIM Incident Channels                  ChannelName                             NVARCHAR (50)    Source Column  channelname
    DIM Incident Protocols                 ProtocolName                            NVARCHAR (256)   Source Column  protocolname
    DIM Incident Severities                SeverityName                            NVARCHAR (50)    Source Column  severityname
    DIM Incident Statuses                  StatusName                              NVARCHAR (50)    Source Column  statusname
    Associate Message Subjects             MessageSubject                          NVARCHAR (1024)  Source Column
    Computer Endpoint Connection Statuses  SourceComputerEndpointConnectionStatus  NVARCHAR (15)    Source Column