IBM Security QRadar SOAR

  • 1.  Integration multiple SEP server

    Posted Sun June 21, 2020 10:04 PM
    Hello,
    In my company there are 5 Symantec Endpoint Protection (SEP) instances, including client and server, but I see that in the app.config file only 1 server can be configured.
    So is there any way I can configure 5 SEP servers in the same app.config file?

    host=soar.xx
    port=443
    cafile=false
    # Use (api_key_id, api_key_secret)
    #api_key_id=
    #api_key_secret=
    # Or (email, password)
    email=chung
    password=xxxxx

    org=My ORG

    [fn_sep]
    sep_base_path=/sepm/api/v1
    sep_auth_path=/sepm/api/v1/identity/authenticate
    sep_host=10.x.x.x
    sep_port=8446
    sep_username=sepxxxx
    sep_password=<password>
    sep_domain=<SEP domain name>
    # Optional settings for access to SEPM via a proxy.
    #http_proxy=http://proxy:80
    #https_proxy=http://proxy:80
    # Limit result sent to Resilient, add full result as an attachment.
    sep_results_limit=200
    # Period of time (seconds) to wait for all endpoints to return a scan result.
    sep_scan_timeout=1800


    Thanks

    ------------------------------
    ChungNX2
    ------------------------------


  • 2.  RE: Integration multiple SEP server

    Posted Mon June 22, 2020 09:23 AM
    Hi ChungNX2,

    The Symantec Endpoint Protection (SEP) integration is currently only supported for a single SEP server.
    Please raise an RFE with your requirement for multiple SEP server support.

    ------------------------------
    JOHN PRENDERGAST
    ------------------------------



  • 3.  RE: Integration multiple SEP server

    Posted Mon June 22, 2020 10:37 PM
    Hi JOHN,
    Many thanks for your help.
    I will contact IBM support.

    ------------------------------
    ChungNX2
    ------------------------------