...
This document includes the following topics:
...
Supported Versions
...
Port Requirements
...
Configuring Symantec ICSP
...
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MSS_Supported_Products_List.xlsx), which can be found in the Accenture MSS MDR Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
---|---|---|---|
Symantec ICSP | LCP | 514 (UDP) or 601 (TCP) | Default port |
Configuring Symantec ICSP
1. Log in to the web interface
2. Navigate to Events > Notifications
3. Click Syslog
...
10. Click on Save Configuration
...
LCP Configuration Parameters
Table 1-2: The Symantec ICSP event collector (Syslog - 3891) properties to be configured by MSS MDR are given in the table.
Property | Default Value | Description |
---|---|---|
Protocol | UDP | The default protocol for syslog. The collector can also accept logs over TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To weigh the reliability of TCP against the speed and simplicity of UDP, contact the Accenture Security MSS onboarding team. |
IP Address | Any | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture Security MSS onboarding team. |
Signatures | Scan | MSS recommended signatures processed by the Symantec ICSP event collector. |
Port Number | 514 | The default port for UDP. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port; please advise the Accenture Security onboarding team if this is a requirement. |
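One way to check the network path from the Symantec ICSP segment to the LCP on the default ports in Table 1-1 is to send a single test event over each transport. This is an added example, not part of the Accenture or Symantec documentation; the function names, the `icsp-test` hostname, the `lcp-path-test` tag, the RFC 3164-style message layout and the newline framing on TCP are assumptions.

```python
import socket
import time

# Default LCP listener ports from Table 1-1.
DEFAULT_PORTS = {"udp": 514, "tcp": 601}


def build_test_message(hostname, text, facility=16, severity=6):
    """Build an RFC 3164-style syslog line (PRI = facility * 8 + severity)."""
    now = time.localtime()
    # RFC 3164 pads single-digit days with a space, not a zero.
    stamp = f"{time.strftime('%b', now)} {now.tm_mday:2d} {time.strftime('%H:%M:%S', now)}"
    return f"<{facility * 8 + severity}>{stamp} {hostname} lcp-path-test: {text}".encode("ascii")


def send_test(lcp_host, protocol="udp", port=None, timeout=3.0,
              hostname="icsp-test", text="connectivity check"):
    """Send one test event to the LCP. Returns True if the send succeeded.

    For UDP, True only means the datagram left this host: there is no
    acknowledgement, so confirm arrival on the LCP side. For TCP, False
    means the connection was refused, filtered or timed out.
    """
    protocol = protocol.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError("protocol must be 'udp' or 'tcp'")
    port = port or DEFAULT_PORTS[protocol]
    message = build_test_message(hostname, text)
    try:
        if protocol == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.sendto(message, (lcp_host, port))
        else:
            with socket.create_connection((lcp_host, port), timeout=timeout) as sock:
                # Assumption: newline-delimited framing on the TCP listener.
                sock.sendall(message + b"\n")
        return True
    except OSError:
        return False


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; replace it with the LCP's IP.
    for proto in ("udp", "tcp"):
        print(proto, DEFAULT_PORTS[proto], send_test("192.0.2.10", proto))
```

Run it from a host on the same network segment as the logging device, so the result reflects the same firewall rules the device's traffic will meet.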
...