"description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. "description": "must be configured to export logs via Syslog " "name": "Symantec Endpoint Protection (SEP) ", "permissionsDisplayText": "write permission is required. "provider": "Microsoft.OperationalInsights/workspaces ",
"SymantecEndpointProtection \n | where TimeGenerated > ago(3d) \n |take 1 \n | project IsConnected = true " "lastDataReceivedQuery": "SymantecEndpointProtection \n | summarize Time = max(TimeGenerated) \n | where isnotempty(Time) " "name": "Syslog (SymantecEndpointProtection) ", "query": "SymantecEndpointProtection \n | summarize count() by UserName \n| top 10 by count_ " "query": "SymantecEndpointProtection \n | summarize count() by LogType \n| top 10 by count_ " "baseQuery": "SymantecEndpointProtection " "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution. This gives you more insight into your organization's network and improves your security operation capabilities. "descriptionMarkdown": "The () connector allows you to easily connect your SEP logs with Microsoft Sentinel.
"title": "Symantec Endpoint Protection ",
0 kommentar(er)
