This quick start guide will help Accenture MDR customers configure Symantec™ O3 to send logs to the Log Collection Platform (LCP).
...
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MSS_Supported_Products_List.xlsx), which can be found in the Accenture MSS MDR Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents
...
Table 1-2: The Symantec O3 event collector (Syslog- 3686) properties to be configured by MSS are shown in the table.
Property | Default Value | Description |
Protocol | UDP | The default protocol for syslog. The collector can also accept logs over TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To weigh the reliability of TCP against the speed and simplicity of UDP, contact the Accenture Security MSS onboarding team. |
IP Address | Symantec O3 Interface IP address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture Security MSS onboarding team. |
Signatures | USER_LOGIN, USER_LOGOUT, USER_AUTHZ, USER_REQUEST_AUTHZ, USER_PROTECTED_APP_AUTHN, USER_EDIT_KEYCHAIN, USER_STRONG_AUTHN, SYSTEM_REBOOT, SYSTEM_CONFIG_ROUTE, SYSTEM_BACKUP, SYSTEM_SHUTDOWN, SYSTEM_CONFIG_HOST, SYSTEM_ERROR, SYSTEM_CONFIG_UPDATE | MSS recommended signatures processed by the Symantec O3 event collector. |
Port Number | 514 | The default port for UDP. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port. If this is a requirement, advise the Accenture Security MSS onboarding team. |
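
A pre-flight check for the log path to the LCP, added here as an example and not part of the Accenture guide: it sends one labelled test line over the table's default ports and shows why a successful UDP send confirms nothing about delivery, while TCP reports a closed or filtered port. The LCP address `192.0.2.10`, the `lcp-preflight` tag and the function names are placeholders chosen for this example.

```python
import socket
from datetime import datetime

# Defaults from the properties table; the LCP address is site-specific.
DEFAULT_PORTS = {"udp": 514, "tcp": 601}
LCP_HOST = "192.0.2.10"  # placeholder (documentation range), replace with your LCP


def build_test_message(hostname, text="LCP connectivity test"):
    """Build a BSD-syslog style line: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    pri = 16 * 8 + 6  # facility local0 (16), severity info (6) -> 134
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    line = f"<{pri}>{stamp} {hostname} lcp-preflight: {text}"
    return line.encode("ascii", errors="replace")


def send_test(host, protocol="udp", port=None, timeout=3.0):
    """Send one test line to the collector; return (sent, detail)."""
    port = port or DEFAULT_PORTS[protocol]
    msg = build_test_message(socket.gethostname())
    try:
        if protocol == "udp":
            # UDP is fire-and-forget: success here only means the datagram
            # left this host, not that the LCP received it.
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(msg, (host, port))
            return True, "datagram sent; delivery unconfirmed, check with MSS"
        # TCP fails loudly if the port is filtered or nothing is listening.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(msg + b"\n")
        return True, "connection accepted and message written"
    except OSError as exc:
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        print(proto, DEFAULT_PORTS[proto], send_test(LCP_HOST, proto))
```

Because the collector is configured with the logging device's IP address, a test sent from a different host only shows that the network path is open.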
...