Symantec DLP Incident logs in CEF over Syslog

Document created by kishangupta on Mar 8, 2016. Last modified by kishangupta on Mar 8, 2016.
Version 1

I have integrated Symantec DLP incident logs into ArcSight using CEF, which worked properly for me.

I have created a detailed step-by-step procedure which might be helpful for others.

 

NOTE: I have used Symantec DLP 12.0.1, and this will only send incident events over syslog, not the system events.
