Advanced Threat Protection

Dear All, 

Would like to understand if it is possible to turn on audit logging for Symantec ATP ? 

Have went through the Installation Guide and also the Administration Guide, but are not able to find any information to turn on audit logging for the Symantec ATP. 

The requirement here is to have a means to collect logs on events like login events, power on/off event, system events, and etc. I believe this is a common security requirements especially for a security-centric appliance.

Understand that it is possible to connect to syslog server and start piping syslog, however it seems like the syslogs only contains ATP Events (e.g.: conviction events, alerts, etc).

So, is there any way to turn on audit logging for Symantec ATP ? 

Thank you. 

Regards,

W.L

I know that there are advanced logs that can be enabled/collected on the backend, but, for that support needs to be engaged as there are additional steps that need to be walked through.

As for audit logs written to the console or syslog, I haven't seen that possibility...yet.

There are no audit logs like what you are requesting. This is something that will be considered for a future release.