# Symantec Endpoint Protection v2

This Integration is part of the Symantec Endpoint Protection Pack.

Query the Symantec Endpoint Protection Manager using the official REST API.
## Use Cases

- Scan/Quarantine/content-update an endpoint.
- Assign policy to an endpoint.
- Move client to different group.

Unsupported use cases in the API:

- Get scan results
- Get reports/logs
- Receive system alerts
## Required Permissions

The following role is required to use the Symantec Endpoint Protection API:

- sysadmin

Note: An Administrator role does not have enough permissions for this integration. A System Administrator (sysadmin) role is required.
## Configure Symantec Endpoint Protection V2 on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Symantec Endpoint Protection V2.
3. Click Add instance to create and configure a new integration instance.

Parameter | Required |
---|---|
Server (e.g., https://1.2.3.4:8446) | True |
Authentication | True |
Password | True |
SEPM domain for the user | False |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
Local time zone (e.g., +02:30,-06:00) | False |

4. Click Test to validate the URLs, token, and connection.
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### sep-endpoints-info

Returns information about endpoints.

#### Base Command

sep-endpoints-info

#### Input

Argument Name | Description | Required |
---|---|---|
columns | A CSV list of the displayed columns. | Optional |
computerName | Filters by the host name of the computer. A wild card search can be done using '*' at the end of the query. | Optional |
lastUpdate | Indicates when a computer's status was last updated. The default is "0", which returns all results. | Optional |
os | The operating system by which to filter. Possible values are: CentOs, Debian, Fedora, MacOSX, Oracle, OSX, RedHat, SUSE, Ubuntu, Win10, Win2K, Win7, Win8, WinEmb7, WinEmb8, WinEmb81, WinFundamental, WinNT, Win2K3, Win2K8, Win2K8R2, WinVista, WinXP, WinXPEmb, WinXPProf64. | Optional |
pageSize | The number of results to include on each page. The default is 20. | Optional |
groupName | The name of the group to which the endpoint belongs. A wild card search can be done using '*' at the end of the query. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Endpoint.Hostname | String | The hostname of the endpoint. |
SEPM.Endpoint.Domain | String | The domain of the endpoint. |
SEPM.Endpoint.IPAddresses | String | The IP addresses of the endpoint. |
SEPM.Endpoint.OS | String | The OS information of the endpoint. |
SEPM.Endpoint.Description | String | The description of the endpoint. |
SEPM.Endpoint.MACAddresses | String | The MAC address of the endpoint. |
SEPM.Endpoint.BIOSVersion | String | The BIOS version of the endpoint. |
SEPM.Endpoint.DHCPServer | String | The DHCP server address of the endpoint. |
SEPM.Endpoint.HardwareKey | String | The hardware key of the endpoint (the hardwareKey argument of sep-move-client-to-group). |
SEPM.Endpoint.LastScanTime | String | The last scan time of the endpoint. |
SEPM.Endpoint.RunningVersion | String | The running version of the endpoint. |
SEPM.Endpoint.TargetVersion | String | The target version of the endpoint. |
IP.Address | String | The IP address of the endpoint. |
IP.Host | String | The IP host of the endpoint. |
Endpoint.Hostname | Unknown | The hostname of the endpoint. |
Endpoint.MACAddress | Unknown | The MAC address of the endpoint. |
Endpoint.Domain | Unknown | The domain of the endpoint. |
Endpoint.IPAddress | Unknown | The IP address of the endpoint. |
Endpoint.DHCPServer | Unknown | The DHCP server of the endpoint. |
Endpoint.OS | String | The OS of the endpoint. |
Endpoint.OSVersion | String | The OS version of the endpoint. |
Endpoint.BIOSVersion | String | The BIOS version of the endpoint. |
Endpoint.Memory | String | The memory of the endpoint. |
Endpoint.Processors | String | The processors that the endpoint uses. |
IP.Hostname | String | The hostname that is mapped to this IP address. |
SEPM.Endpoint.Group | String | The group of the endpoint. |
SEPM.Endpoint.PatternIdx | String | The PatternIdx of the endpoint. |
SEPM.Endpoint.OnlineStatus | String | The online status of the endpoint. |
SEPM.Endpoint.UpdateTime | String | The update time of the endpoint. |

#### Command Example

#### Human Readable Output

### sep-groups-info

Returns information about groups.

#### Base Command

sep-groups-info

#### Input

Argument Name | Description | Required |
---|---|---|
columns | The column by which the results are sorted. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Groups | Unknown | The list of groups. |
SEPM.Groups.created | number | The creation time of the group (in Epoch). |
SEPM.Groups.fullPathName | string | The name of the group. |
SEPM.Groups.id | string | The ID of the group. |
SEPM.Groups.numberOfPhysicalComputers | number | The number of physical computers in the group. |
SEPM.Groups.numberOfRegisteredUsers | number | The number of registered users in the group. |
SEPM.Groups.policyDate | number | The date of the policy (in Epoch). |
SEPM.Groups.policySerialNumber | number | The serial number of the policy. |

#### Command Example

#### Human Readable Output

### sep-system-info

Returns information about the system, such as version or AV definition.

#### Base Command

sep-system-info

#### Input

There are no input arguments for this command.

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.ServerAVDefVersion | string | The version of the AV definition. |

#### Command Example

#### Human Readable Output

### sep-command-status

Retrieves the status of a command.

#### Base Command

sep-command-status

#### Input

Argument Name | Description | Required |
---|---|---|
commandId | The ID of the command. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.LastCommand.CommandDetails | string | The details of the command. |
SEPM.LastCommand.CommandId | string | The ID of the command. |

#### Command Example

#### Human Readable Output

### sep-client-content

Retrieves the content of the client.

#### Base Command

sep-client-content

#### Input

There are no input arguments for this command.

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.ClientContentVersions | string | Displays the versions for each client. |
SEPM.LastUpdated | string | The date of the last update. |

#### Command Example

#### Human Readable Output

### sep-list-policies

Retrieves a list of existing policies.

#### Base Command

sep-list-policies

#### Input

There are no input arguments for this command.

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.PoliciesList.PolicyName | string | The name of the policy. |
SEPM.PoliciesList.Type | string | The type of the policy. |
SEPM.PoliciesList.ID | string | The ID of the policy. |
SEPM.PoliciesList.Description | string | The description of the policy. |
SEPM.PoliciesList.Enabled | boolean | Whether the policy is enabled ("True" if enabled). |
SEPM.PoliciesList.AssignedLocations.GroupID | string | The ID of the group of the locations assigned to this policy. |
SEPM.PoliciesList.AssignedLocations.Locations | string | The list of location IDs assigned to this policy. |
SEPM.PoliciesList.AssignedCloudGroups.GroupID | string | The ID of the cloud group of the locations assigned to this policy. |
SEPM.PoliciesList.AssignedCloudGroups.Locations | string | The list of location IDs belonging to a cloud group assigned to this policy. |

#### Command Example

#### Human Readable Output

### sep-assign-policy

Assigns an existing policy to a specified location.

#### Base Command

sep-assign-policy

#### Input

Argument Name | Description | Required |
---|---|---|
groupID | The ID of the group to which the endpoint belongs. | Required |
locationID | The ID of the location of the endpoint. | Required |
policyType | The type of policy to be assigned. | Required |
policyID | The ID of the policy to be assigned. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

#### Human Readable Output

### sep-list-locations

Retrieves a list of location IDs for a specified group.

#### Base Command

sep-list-locations

#### Input

Argument Name | Description | Required |
---|---|---|
groupID | The group ID for which to list locations. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Locations.ID | Unknown | The ID of the location. |
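
The following is an added example, not code from the integration or the pack. It shows how the three commands above fit together: the SEPM.PoliciesList output of sep-list-policies (with its AssignedLocations.GroupID and AssignedLocations.Locations fields) is reconciled against the SEPM.Locations output of sep-list-locations for one group, and the result is the set of sep-assign-policy argument sets (groupID, locationID, policyType, policyID) needed for every location in that group that still lacks the policy. The policy names, type strings and all IDs are constructed placeholders, and the context data is embedded inline instead of being read from the War Room.

```python
"""Added example (not part of the integration's own code): reconcile the
SEPM.PoliciesList context of sep-list-policies with the SEPM.Locations context of
sep-list-locations, and build the sep-assign-policy argument sets that are missing.
All IDs, policy names and policy type strings are constructed placeholders."""
from __future__ import annotations

# Constructed: what sep-list-policies might leave under SEPM.PoliciesList.
POLICIES = [
    {"PolicyName": "Strict Firewall", "Type": "fw", "ID": "POLICY-FW-1",
     "Enabled": "True",
     "AssignedLocations": [{"GroupID": "GRP-1", "Locations": ["LOC-A"]}]},
    {"PolicyName": "Default LiveUpdate", "Type": "lu", "ID": "POLICY-LU-1",
     "Enabled": "True",
     "AssignedLocations": [{"GroupID": "GRP-1", "Locations": ["LOC-A", "LOC-B"]},
                           {"GroupID": "GRP-2", "Locations": ["LOC-C"]}]},
]

# Constructed: what sep-list-locations groupID=GRP-1 might leave under SEPM.Locations.
LOCATIONS_GRP_1 = [{"ID": "LOC-A"}, {"ID": "LOC-B"}]


def assigned_locations(policy: dict, group_id: str) -> set[str]:
    """Location IDs inside group_id that already carry this policy."""
    out: set[str] = set()
    for entry in policy.get("AssignedLocations") or []:
        if entry.get("GroupID") == group_id:
            out.update(entry.get("Locations") or [])
    return out


def find_policy(policies: list[dict], policy_name: str) -> dict:
    """Look a policy up by its PolicyName; fail loudly rather than assign nothing."""
    for policy in policies:
        if policy["PolicyName"] == policy_name:
            return policy
    raise KeyError(f"policy not found: {policy_name}")


def missing_assignments(policies: list[dict], locations: list[dict],
                        group_id: str, policy_name: str) -> list[dict]:
    """One sep-assign-policy argument set per location in the group that does
    not yet have the named policy, ordered by location ID."""
    policy = find_policy(policies, policy_name)
    have = assigned_locations(policy, group_id)
    want = {loc["ID"] for loc in locations}
    return [{"groupID": group_id, "locationID": loc_id,
             "policyType": policy["Type"], "policyID": policy["ID"]}
            for loc_id in sorted(want - have)]


if __name__ == "__main__":
    for args in missing_assignments(POLICIES, LOCATIONS_GRP_1, "GRP-1", "Strict Firewall"):
        print("sep-assign-policy", args)
```

Each returned dictionary maps one-to-one onto the arguments of sep-assign-policy, so a playbook can loop over the list and issue one assignment per entry; when the list is empty, the group is already fully covered and no command needs to run.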

#### Command Example

#### Human Readable Output

### sep-endpoint-quarantine

Quarantines an endpoint according to its policy.

#### Base Command

sep-endpoint-quarantine

#### Input

Argument Name | Description | Required |
---|---|---|
endpoint | The IP or hostname of the endpoint. | Required |
actionType | Adds or removes an endpoint from quarantine. Possible values are: Add, Remove. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Quarantine.CommandID | string | The ID of the command that was run. |
SEPM.Quarantine.Action | string | The action type. Can be "Add" or "Remove". |
SEPM.Quarantine.Endpoint | string | The IP or hostname identifying the endpoint. |

#### Command Example

#### Human Readable Output

### sep-scan-endpoint

Scans an endpoint.

#### Base Command

sep-scan-endpoint

#### Input

Argument Name | Description | Required |
---|---|---|
endpoint | The IP address or hostname of the endpoint. | Required |
scanType | The type of scan to run on the endpoint. Possible values are: ScanNow_Quick, ScanNow_Full, ScanNow_Custom. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Scan.CommandID | string | The ID of the command that was run. |
SEPM.Scan.Type | string | The type of the scan. Can be "ScanNow_Quick", "ScanNow_Full", or "ScanNow_Custom". |
SEPM.Scan.Endpoint | Unknown | The IP or hostname identifying the endpoint. |

#### Command Example

#### Human Readable Output

### sep-update-endpoint-content

Updates the content of a specified client.

#### Base Command

sep-update-endpoint-content

#### Input

Argument Name | Description | Required |
---|---|---|
endpoint | The IP address or hostname of the endpoint. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
SEPM.Update.Endpoint | String | The endpoint that is being updated. |
SEPM.Update.CommandID | String | The ID of the command for which to check the status. |
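
The quarantine, scan and content-update commands above all return a CommandID rather than a result, and sep-command-status takes that ID as its commandId argument. The following is an added example, not code from the integration or the pack, of the issue-then-poll pattern a playbook built on these commands needs: issue the command, poll its status with the returned ID, and give up after a bounded number of polls so an offline client cannot stall the playbook. The manager side is a constructed fake; the status words "pending" and "completed" and the poll budget are assumptions made for the simulation, not SEPM's real state values, which the page does not list.

```python
"""Added example (not part of the integration's own code): the issue-then-poll
workflow behind sep-endpoint-quarantine, sep-scan-endpoint and
sep-update-endpoint-content, whose CommandID is what sep-command-status takes as
commandId. FakeSEPM is a constructed stand-in for the manager; its status strings
("pending"/"completed") are assumptions for the simulation, not SEPM's own values."""
from __future__ import annotations

import itertools


class FakeSEPM:
    """Constructed stand-in: each command needs `polls_to_finish` status checks
    before it reports completion, which models a client that is slow to respond."""

    def __init__(self, polls_to_finish: int = 2) -> None:
        self._ids = itertools.count(1)
        self._remaining: dict[str, int] = {}
        self.polls_to_finish = polls_to_finish
        self.issued: list[dict] = []  # record of every command issued

    def issue(self, command: str, **args) -> str:
        """Accept a command and hand back its CommandID, like the real commands do."""
        command_id = f"CMD-{next(self._ids):04d}"
        self._remaining[command_id] = self.polls_to_finish
        self.issued.append({"command": command, "CommandID": command_id, **args})
        return command_id

    def status(self, command_id: str) -> dict:
        """Shape mirrors SEPM.LastCommand: CommandId plus CommandDetails."""
        if command_id not in self._remaining:
            raise KeyError(f"unknown command id {command_id}")
        self._remaining[command_id] = max(0, self._remaining[command_id] - 1)
        state = "completed" if self._remaining[command_id] == 0 else "pending"
        return {"CommandId": command_id, "CommandDetails": state}


def run_and_wait(sepm: FakeSEPM, command: str, max_polls: int = 5, **args) -> dict:
    """Issue `command` with its arguments, then poll sep-command-status (here
    sepm.status) until it reports completion or the poll budget is exhausted.
    Returns the CommandID, how many polls were spent, and whether it finished."""
    if max_polls < 1:
        raise ValueError("max_polls must be at least 1")
    command_id = sepm.issue(command, **args)
    for polls in range(1, max_polls + 1):
        details = sepm.status(command_id)
        if details["CommandDetails"] == "completed":
            return {"CommandID": command_id, "polls": polls, "done": True}
    # Budget spent: hand the ID back so the caller can keep checking later.
    return {"CommandID": command_id, "polls": max_polls, "done": False}


if __name__ == "__main__":
    manager = FakeSEPM(polls_to_finish=2)
    print(run_and_wait(manager, "sep-endpoint-quarantine",
                       endpoint="WKS-001", actionType="Add"))
```

In a real playbook the polling interval would be a sleep or a scheduled task between status checks; the important property kept here is that the loop is bounded and the CommandID is returned even on timeout, so the command can be checked again later instead of being silently lost.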

#### Command Example

#### Human Readable Output

### sep-move-client-to-group

Moves a client to a group.

#### Base Command

sep-move-client-to-group

#### Input

Argument Name | Description | Required |
---|---|---|
groupID | The ID of the group to which to move the client. | Required |
hardwareKey | The hardware key of the client to be moved. | Required |

#### Context Output

There is no context output for this command.

#### Command Example

#### Human Readable Output

### sep-identify-old-clients

Returns endpoints whose running version differs from the target version, or from the desired version if one is specified.

#### Base Command

sep-identify-old-clients

#### Input

Argument Name | Description | Required |
---|---|---|
columns | Sets which columns will be displayed. | Optional |
computerName | Filters by the host name of the computer. A wild card search can be done using '*' at the end of the query. | Optional |
lastUpdate | Indicates when a computer's status was last updated. The default is "0", which returns all results. | Optional |
os | The operating system by which to filter. | Optional |
pageSize | The number of results to include on each page. The default is 20. | Optional |
groupName | The name of the group to which the endpoint belongs. A wild card search can be done using '*' at the end of the query. | Optional |
desiredVersion | The desired client version to compare the running version against (if specified). | Optional |

#### Context Output

There is no context output for this command.
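
The following is an added example, not code from the integration or the pack. It models, on constructed endpoint records shaped like the SEPM.Endpoint context of sep-endpoints-info, how the filter arguments shared by sep-endpoints-info and sep-identify-old-clients behave (a trailing '*' on computerName or groupName as a wildcard, an exact os filter, pageSize paging with the documented default of 20) and then applies the sep-identify-old-clients rule on top of them. The real matching is done server-side by SEPM, so case-insensitive comparison and reading "desired version" as replacing the target version as the reference are assumptions of this example; the function and parameter names are chosen here to mirror the argument names in the tables above.

```python
"""Added example (not part of the integration's own code): a local model of the
sep-endpoints-info filter arguments and the sep-identify-old-clients version check,
run over constructed records using the SEPM.Endpoint context keys. Case-insensitive
matching and "desiredVersion replaces TargetVersion as the reference" are assumptions."""
from __future__ import annotations

from typing import Iterable

# Constructed sample records; keys follow the SEPM.Endpoint context output.
SAMPLE_ENDPOINTS = [
    {"Hostname": "WKS-001", "Group": "My Company\\Workstations", "OS": "Win10",
     "RunningVersion": "14.3.558", "TargetVersion": "14.3.558"},
    {"Hostname": "WKS-002", "Group": "My Company\\Workstations", "OS": "Win10",
     "RunningVersion": "14.2.770", "TargetVersion": "14.3.558"},
    {"Hostname": "SRV-DB01", "Group": "My Company\\Servers", "OS": "Win2K8R2",
     "RunningVersion": "14.3.558", "TargetVersion": "14.3.558"},
    {"Hostname": "MAC-007", "Group": "My Company\\Laptops", "OS": "MacOSX",
     "RunningVersion": "14.3.100", "TargetVersion": "14.3.558"},
]


def _matches(pattern: str | None, value: str) -> bool:
    """Exact match, or prefix match when the filter ends with '*' (the documented
    wildcard position). Case-insensitivity is an assumption of this model."""
    if not pattern:
        return True
    pattern, value = pattern.lower(), value.lower()
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return value == pattern


def filter_endpoints(endpoints: Iterable[dict], computerName: str | None = None,
                     groupName: str | None = None, os: str | None = None,
                     pageSize: int = 20, page: int = 1) -> list[dict]:
    """Apply the sep-endpoints-info filters and return one page of results.
    Parameter names mirror the command arguments; page is 1-based."""
    if pageSize < 1 or page < 1:
        raise ValueError("pageSize and page must be positive")
    hits = [e for e in endpoints
            if _matches(computerName, e["Hostname"])
            and _matches(groupName, e["Group"])
            and (os is None or e["OS"] == os)]
    start = (page - 1) * pageSize
    return hits[start:start + pageSize]


def identify_old_clients(endpoints: Iterable[dict], desiredVersion: str | None = None,
                         **filters) -> list[str]:
    """Hostnames whose RunningVersion differs from TargetVersion, or from
    desiredVersion when one is given (the sep-identify-old-clients rule).
    Extra keyword arguments are the same filters sep-endpoints-info accepts."""
    old: list[str] = []
    for e in filter_endpoints(endpoints, **filters):
        reference = desiredVersion or e["TargetVersion"]
        if e["RunningVersion"] != reference:
            old.append(e["Hostname"])
    return old


if __name__ == "__main__":
    print("behind target:", identify_old_clients(SAMPLE_ENDPOINTS))
    print("not on 14.3.100:", identify_old_clients(SAMPLE_ENDPOINTS, desiredVersion="14.3.100",
                                                   groupName="My Company\\*"))
```

Because the default pageSize is 20, a fleet larger than that needs every page to be walked before the "old clients" list is complete; the page argument here makes that explicit so an automation does not report a partial result as the whole fleet.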

#### Command Example

#### Human Readable Output

## Known Limitations

- The SEPM REST API currently exposes statistics, but does not expose extended information about Risks, Application and Device control, and Network logs.
- The SEPM REST API currently does not support an operation to get the host names or IP addresses of clients that do not have an up-to-date content version.
- The SEPM REST API currently does not support an operation to create or download reports.