Symantec Endpoint Protection

The IBM Security QRadar Symantec Endpoint Protection Custom Properties content extension adds new custom event properties for Symantec Endpoint Protection.

About the Symantec Endpoint Protection extension

Use the IBM Security QRadar Symantec Endpoint Protection Custom Properties content extension to normalize specific event data from a log source. Custom event properties can make important data more visible in your system searches and reports.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.2

The following table shows the custom properties that are updated in IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.2.

Table 1. Changed Custom Properties in IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.2
Original property name New property name Optimized
Source of Risk Submitted By Not applicable
Computer Name Machine Identifier Yes

IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.1

The following table shows the custom properties that are new or updated in IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.1.

Table 2. Changed Custom Properties in IBM Security QRadar Symantec Endpoint Protection Content Extension V1.0.1
Name Optimized
Application Yes
URL Yes

Previous versions

For more information about previous versions of the IBM Security QRadar Symantec Endpoint Protection Content Extension, see IBM QRadar® Symantec Endpoint Protection Content Extension.