Symantec Integrated Cyber Defense Exchange connector for Microsoft Sentinel
Symantec ICDx connector allows you to easily connect your Symantec security solutions logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | SymantecICDx_CL |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
Summarize by connection source IP

```kusto
SymantecICDx_CL
| summarize count() by connection_src_ip_s
```

Summarize by threat ID

```kusto
SymantecICDx_CL
| summarize count() by threat_id_d
```
Vendor installation instructions
Configure and connect Symantec ICDx
- On the ICDx navigation bar, click Configuration.
- At the top of the Configuration screen, click Forwarders, and next to Microsoft Sentinel (Log Analytics), click Add.
- In the Microsoft Sentinel (Log Analytics) window that opens, click Show Advanced. See the documentation to set advanced features.
- Make sure that you set a name for the forwarder and, under Azure Destination, set these required fields:
  - Workspace ID: Paste the Workspace ID from the Microsoft Sentinel portal connector page.
  - Primary Key: Paste the Primary Key from the Microsoft Sentinel portal connector page.
  - Custom Log Name: Type the custom log name in the Microsoft Azure portal Log Analytics workspace to which you are going to forward events. The default is SymantecICDx.
- Click Save. To start the forwarder, go to Options > More and click Start.
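The following KQL is added here as an example; it is not part of the vendor's instructions or the sample queries above. It first confirms that the forwarder is delivering events, then builds on the sample fields to flag source IPs associated with several distinct threat IDs in the last day. It assumes the table and column names shown above (SymantecICDx_CL, connection_src_ip_s, threat_id_d), the built-in TimeGenerated column, and illustrative thresholds.

```kusto
// Step 1: ingestion check after starting the forwarder.
// Expect a steady hourly count; no rows or a gap means the forwarder
// or the Workspace ID / Primary Key configuration needs attention.
SymantecICDx_CL
| where TimeGenerated > ago(24h)
| summarize Events = count() by bin(TimeGenerated, 1h)
| order by TimeGenerated asc

// Step 2: candidate analytic rule built on the sample fields above.
// Flags source IPs that produced several distinct threat IDs in one day;
// the thresholds (3 threats, 1 day) are illustrative assumptions.
SymantecICDx_CL
| where TimeGenerated > ago(1d)
| where isnotempty(connection_src_ip_s) and isnotnull(threat_id_d)
| summarize
    Events = count(),
    DistinctThreats = dcount(threat_id_d),
    ThreatIds = make_set(threat_id_d, 10),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by connection_src_ip_s
| where DistinctThreats >= 3
| order by DistinctThreats desc, Events desc
```

Run each query separately in the Log Analytics query editor; the second can be saved as a scheduled analytics rule once the threshold is tuned to your environment.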
Next steps
For more information, go to the related solution in the Azure Marketplace.