Accenture MDR Quick Start Guide for Symantec Data Loss Prevention Web Services API

This quick start guide helps Accenture MDR customers configure the Symantec Data Loss Prevention (DLP) Web Services API to allow log collection from the Log Collection Platform (LCP).


Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|---|---|---|---|
| LCP | Symantec DLP | 8443 (TCP) | Default port |

Configuring Symantec DLP

The following steps need to be completed on the Symantec DLP Web Service API device to allow log collection from the LCP.

Create a role

Launch the Symantec DLP Enforce Server Web console using the URL: https://Symantec_DLP_Enforce_Server_IP_address

  1. Navigate to System > User Management > Roles.

  2. Click Add Roles.

  3. In the General tab, enter Role Name and Description.

  4. Assign the following privileges to the role:

| Role Properties | Privileges |
|---|---|
| System | Uncheck the following options: User Administrator; Server Administration; Symantec Protection Center Registration |
| Incidents | Check View and select the following items: Network Incidents; Discover Incidents; Endpoint Incidents; Classification Incidents (if present) |
| Actions | Uncheck the following options: Remediate Incidents; Lookup Attributes; Delete Incidents; Export Web Archive; XML Export; CSV Attachment in Email Reports. Check the following option: Reporting API |
| Display Attributes | Check the following options: Shared; Endpoint; Discover |
| Custom Attributes | Check the following option: View All |
| Folder/Resource Reports | Check the following option: Folder Risk Reporting |

  5. Click Save.

Create a user and assign the role to the user

  1. Launch the Symantec DLP Enforce Server Web console.

  2. Navigate to System > User Management > Roles.

  3. Click Add User.

  4. Enter any preferred name. Check Use Password Authentication and enter the password twice.

  5. If you use Certificates, then check Use Certificate Authentication and check the following options:

| Field | Description |
|---|---|
| General | Enter the email address and select the language. |
| Report Preference | Use the default settings. |
| Roles | Use the role you created. |
| Default Role | Select the default role. |

  6. Click Save.

Run a report in the context of the user that is created

  1. Launch the Symantec DLP Enforce Server Web console.

  2. On the Incidents tab, select one of the following:

    • Networks

    • Endpoint

    • Discover

    • Classification (if present)

     To collect all incidents, create an individual report for each incident category.

  3. Set the filter options and other advanced options.

  4. Save the report and enter the name and description.


Note: If you move your mouse over the saved report, you will see the number of the report. This will be used by the MDR team to configure the LCP.


LCP Configuration Parameters

Table 1-2: The Symantec DLP event collector (API - 3859) properties to be configured by MDR are shown in the table.

| Property | Default Value | Description |
|---|---|---|
| Server Hostname | Hostname or IP of the DLP Server | Logging device IP address or hostname mentioned in the Pre-Installation Questionnaire (PIQ). |
| Server Port | 8443 | This port is used by the LCP to communicate with the Symantec DLP device mentioned in the PIQ. |
| User Name | | The username to access the Symantec DLP server mentioned in the PIQ. |
| Auth Password | | The user password to access the Symantec DLP server mentioned in the PIQ. |

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.