Kaseya Community

Request - Symantec Endpoint Protection Event ID set

  • Does anyone have a standard Event ID set for the new SEP 11.0? Or at the very least know of a direct link to Symantec's listed event IDs?

    Legacy Forum Name: Request - Symantec Endpoint Protection Event ID set,
    Legacy Posted By Username: ccarter@eresources.com
  • This post seems a little old.  I checked on our newer machines and Symantec still uses the same source name.  So this should work for you.
    
    <?xml version="1.0" encoding="ISO-8859-1" ?>
    <event_sets>
      <set_elements setName="Symantec" eventSetId="24612711">
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="-1" username="*" description="*"/>
      </set_elements>
    </event_sets>
    
    Just import this set and it should get you up and going.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: cking@faylib.org


    [edited by: Brendan Cosgrove at 5:33 PM (GMT -8) on 12-17-2010]
  • The event IDs have not changed. There are a couple of new ones, though.

    If you use the event set posted by CKing, then you'll catch everything from SEP. Then start adding "ignore events" in there to weed out the things you don't care about. There are plenty of samples of SAV/SEP event sets posted around here.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: Lmhansen
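
The workflow from the last reply (import the catch-all set, then add "ignore events" to it), as an added example that is not part of the original thread or of Kaseya's tooling. Assumptions: `ignore="1"` marks an ignore entry (the thread only shows `ignore="0"`), and the event ID 1001 and the description filter in the usage comment are constructed placeholders, not real SEP values.

```python
import xml.etree.ElementTree as ET

# Catch-all event set as posted in the thread.
CATCH_ALL = b"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<event_sets>
  <set_elements setName="Symantec" eventSetId="24612711">
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="-1" username="*" description="*"/>
  </set_elements>
</event_sets>"""

def add_ignores(xml_bytes, set_name, ignores):
    """Append one ignore entry per (event_id, description_filter) pair.

    Assumption: ignore="1" marks an "ignore event" entry.
    """
    root = ET.fromstring(xml_bytes)
    target = next((s for s in root.iter("set_elements")
                   if s.get("setName") == set_name), None)
    if target is None:
        raise ValueError(f"no event set named {set_name!r}")
    entries = list(target.iter("element_data"))
    if not entries:
        raise ValueError("event set has no entries to refine")
    # Reuse the existing entry's source so each ignore applies to the
    # same event source the set already watches.
    source = entries[0].get("source")
    seen = {(e.get("ignore"), e.get("eventId"), e.get("description"))
            for e in entries}
    for event_id, desc in ignores:
        event_id = int(event_id)
        if event_id < 0 and desc.strip("*") == "":
            # Any ID plus any description would cancel the catch-all and
            # silence every alert from the product.
            raise ValueError("refusing an ignore entry that matches everything")
        key = ("1", str(event_id), desc)
        if key in seen:  # skip duplicates
            continue
        seen.add(key)
        ET.SubElement(target, "element_data", ignore="1", source=source,
                      category="*", eventId=str(event_id), username="*",
                      description=desc)
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(root)
    return ET.tostring(root, encoding="ISO-8859-1")

def summarize(xml_bytes):
    """List (ignore, eventId, description) for every entry, for review."""
    return [(e.get("ignore"), e.get("eventId"), e.get("description"))
            for e in ET.fromstring(xml_bytes).iter("element_data")]

# Constructed usage: add_ignores(CATCH_ALL, "Symantec", [(1001, "*")])
```

Review the `summarize` output before importing the result, so that no ignore entry is broader than intended.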