SSIM - Symantec Endpoint Protection Event Collector - Selective Event Forwarding
Filed under: Endpoint Protection (AntiVirus) - 11.x, Endpoint Protection (AntiVirus), Security Information Manager, Features, Reporting, Security
In a multi-site SEPM environment, where logs are forwarded to a SEP Management Site and SSIM SEP Event Collectors are installed on the non-SEP Management sites, you currently cannot run an SSIM SEP Event Collector on the SEP Management site; otherwise duplicate events would be forwarded to SSIM. This currently prevents the forwarding of any events from any clients that are currently managed by the SEP Management site.
Proposal - The SSIM SEP Event Collector be configurable to only forward those events that have been generated on that site and not forward any events from any other site that may be configured to forward logs to it.
Create a filter
You can try creating a filter specification with a condition "originating_site" not equal to "<your site>" and enable it. This should prevent the collector from getting information about other sites' activity.