This quick start guide will help Accenture MDR customers configure Symantec ICSP Neural USB Scanner to send logs to the Log collection Platform (LCP).
This document includes the following topics:
Supported Versions
Port Requirements
Configuring Symantec ICSP
LCP Configuration Parameters
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MSS_Supported_Products_List.xlsx) which can be found in
Accenture MSS Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
Symantec ICSP | LCP | 514 (UDP) or 601 (TCP) | Default port |
Configuring Symantec ICSP
Log in to Web Interface
Navigate to Events > Notifications
Click Syslog
4. Enable the Enable Remote Syslog Messages
5. Enter the LCP IP address under Syslog Server Hostname
6. Enter the Destination port Type as UDP
7. Enter the Destination Port Number as 514
8. Select 18(local2) from the Log Drop-down menu
9. Select All Messages from the Message Type drop-down menu
10. Click on Save Configuration
LCP Configuration Parameters
Table 1-2: The Symantec ICSP event collector properties to be configured by MSS are given in the table.
Property | Default Value | Description |
Protocol | UDP | The default protocol for syslog. The collector can also accept logs in TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To balance TCP for reliability over UDP for speed/simplicity, contact the Accenture Security MSS onboarding team. |
IP Address | Any | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture Security MSS onboarding team. |
Signatures | | Scan | MSS recommended signatures processed by the Symantec ICSP event collector. |
Port Number | 514 | The default port for UDP. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port, please advise the Accenture Security onboarding team if this is a requirement. |