Deciding whether to use Symantec Event Manager for Intrusion Protection

Article:TECH112859  |  Created: 2005-01-24  |  Updated: 2007-01-31  |  Article URL http://www.symantec.com/docs/TECH112859
Article Type
Technical Solution



Issue



This document explains the advantages of installing the Symantec Event Manager for Intrusion Protection 1.0 when you want to use Symantec ManHunt or Symantec Network Security with SESA. Use this document to help you decide whether to install the Event Manager.


Solution



Symantec ManHunt and Symantec Network Security do not require that you install the Symantec Event Manager for Intrusion Protection 1.0. Base this decision on both:
  • Your SESA version and
  • Whether or not you want to view packet details in ASCII (text) format

SESA version
When you use SESA 1.1, the Event Manager adds new categories to the Event tab. If you use SESA 1.1 and you do not install the Event Manager, you can view Symantec ManHunt and Symantec Network Security events in general categories, but not separately. To view these events separately from other events, install the Event Manager. The installation adds the Host and Network Intrusion events categories to the Event tab.

SESA 2.x includes the Host and Network Intrusion events categories by default. It is not necessary to install the Event Manager to obtain these categories.

Reading packet details in ASCII
The Event Manager adds the Packet Header Decode Extension to both SESA 1.1 and SESA 2.x. This feature enables you to read packet details for events in the ASCII (text) format. Without this feature, the packet details are displayed in hexadecimal only, and not in ASCII.

To use this feature, open the event and click the button that is on the toolbar.






Technical Information
Regardless of whether or not you install the Event Manager, if you use Symantec ManHunt or Symantec Network Security with SESA, you must install the Symantec ManHunt or Symantec Network Security SESA Integration Package (SIP).


For information about purchasing Symantec Event Manager for Intrusion Protection 1.0, contact your reseller or Symantec sales representative.

Other Symantec products
The information in this document also applies to the following Symantec products:

  • Symantec ManHunt Smart Agents that send events through Symantec ManHunt
  • Symantec Network Security Agents that send events through Symantec Network Security
  • Symantec Decoy Server events that are sent through Symantec ManHunt or Symantec Network Security
  • Symantec Host IDS events




Legacy ID
2005082409423753

