Symantec Integrated Cyber Defense Exchange connector for Microsoft Sentinel

Symantec ICDx connector allows you to easily connect your Symantec security solutions logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities.

Connector attributes

Connector attribute Description
Log Analytics table(s) SymantecICDx_CL
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Query samples

Summarize by connection source ip

| summarize count() by connection_src_ip_s

Summarize by threat id

| summarize count() by threat_id_d

Vendor installation instructions

Configure and connect Symantec ICDx

  1. On the ICDx navigation bar, click Configuration.
  2. At the top of the Configuration screen, click Forwarders, and next to Microsoft Sentinel (Log Analytics), click Add.
  3. In the Microsoft Sentinel (Log Analytics) window that opens, click Show Advanced. See the documentation to set advanced features.
  4. Make sure that you set a name for the forwarder and under Azure Destination, set these required fields:
  • Workspace ID: Paste the Workspace ID from the Microsoft Sentinel portal connector page.
  • Primary Key: Paste the Primary Key from the Microsoft Sentinel portal connector page.
  • Custom Log Name: Type the custom log name in the Microsoft Azure portal Log Analytics workspace to which you are going to forward events. The default is SymantecICDx.
  1. Click Save and to start the forwarder, go to Options > More and click Start.

Next steps

For more information, go to the related solution in the Azure Marketplace.