Endpoint Protection

Hi,

Based on demonstration video of integration of Cisco IPS and SEPM (where is looks like SEPM is sending logs to Cisco IPS using SDEE protocol), could you please post instruction how to confgiure SEPM to send logs to Cisco IPS using SDEE (Security Device Event Exchange) protocol?

Video link: http://www.youtube.com/watch?v=iwRDs4On0q8

Best regards,

Admin page >> Servers tab >> Select your local site and under Tasks select Configure External Logging

Edit as you see fit.

Also, you may need to consult the cisco admin guide for this. The logging setup in SEPM is pretty basic and straightforward.

Hi Brian81,

Thank you for your fast reply. I am aware of External logging option, but this is for syslog servers and I am not sure if there is SDEE protocol hidden in some settings that I do not know or can not find.

Best regards,

Vladimir

There is not. Only TCP and UDP are available.

Hi Brian,

Take a time and have a look the following video: http://www.youtube.com/watch?v=iwRDs4On0q8

Best regards,

The video shows nothing on how to configure. There is no option in the External Logging piece to chose the SDEE protocol.

SDEE uses TCP/443 by default so I would try setting that up in the SEPM to see what the result is.

Hi Vladimir,

The integration was a proof of concept for Cisco to demo at Cisco Live - its something we are working on with them.  That said, if you would like to use this now, please contact Cisco, who will help you configure it via one of their partners.

thanks

Hi Paul,

After number of emails and phone calls, we (me and the customer) did not have luch with Cisco and Cisco Partner - is there anybody at Symantec that can just show us the basic steps, how to?

Best regards,