Symantec Endpoint Protection
The Symantec Endpoint Protection connector enables automated interaction with the SEP Manager, allowing for streamlined management of security policies, blacklists, and endpoint protection measures.

Symantec Endpoint Protection is a robust security solution that provides comprehensive protection against a wide range of threats. This connector enables Swimlane Turbine users to automate critical security tasks such as managing file fingerprints, updating blacklists, and initiating content updates on endpoints. By integrating with Symantec Endpoint Protection, users can enhance their security posture, streamline endpoint management, and respond to threats with greater speed and efficiency. The connector's actions facilitate proactive threat hunting, system lockdown, and policy enforcement, directly contributing to a fortified defense against cyber threats.

## Prerequisites

To effectively utilize the Symantec Endpoint Protection connector with Swimlane Turbine, ensure you have the following prerequisites:

- API key authentication with the following parameters:
  - URL: The base URL for the SEP Manager API.
  - Username: The account username with permissions to access the SEP Manager.
  - Password: The corresponding password for the provided username.
  - Port: The port number on which the SEP Manager API is accessible.

## Capabilities

The Symantec Endpoint Protection connector has the following capabilities:

- Get Groups
- Add Blacklist Fingerprint to Groups for Lockdown
- Create Blacklist
- Delete Blacklist
- Update Blacklist
- Get Domains
- Update Content Command

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host. | string | Required |
| Port | API port | string | Required |
| Username | Username | string | Required |
| Secret | Password | string | Required |
| Domain | Symantec Endpoint Protection user's domain, defaults to "default" domain | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through. | string | Optional |

## Actions

### Add Fingerprint to Group

Adds a specific fingerprint to a Symantec Endpoint Protection group for system lockdown, requiring group and fingerprint IDs.

- Endpoint URL: `sepm/api/v1/groups/{{group_id}}/system-lockdown/fingerprints/{{fingerprint_id}}`
- Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.group_id | string | Required | Parameters for the Add Fingerprint to Group action |
| path_parameters.fingerprint_id | string | Required | Parameters for the Add Fingerprint to Group action |

#### Input Example

```json
{"path_parameters":{"group_id":"09af1bf50a2000c06ef0620a092a5a17","fingerprint_id":"9ec5beefe64e406da0aac2a584bee09e"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| errorCode | string | Error message if any |
| appErrorCode | string | Error message if any |
| errorMessage | string | Response message |

#### Output Example

```json
{"status_code":423,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Create New Blacklist

Adds a new file fingerprint list to the blacklist in Symantec Endpoint Protection Manager using details such as name, domainId, hashType, and data.

- Endpoint URL: `sepm/api/v1/policy-objects/fingerprints`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Optional | Name of the resource |
| domainId | string | Optional | Unique identifier |
| description | string | Optional | Parameter for Create New Blacklist |
| hashType | string | Optional | Type of the resource |
| data | array | Optional | Response data |

#### Input Example

```json
{"json_body":{"name":"test","domainId":"e1b640690a2000c02f0213a4fd07bc8a","description":"a description","hashType":"md5","data":["ac20a4ed0c586b32e80f2156188cd1a2"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Delete Blacklist

Removes a specified blacklist entry from Symantec Endpoint Protection Manager using the provided ID.

- Endpoint URL: `sepm/api/v1/policy-objects/fingerprints/{{id}}`
- Method: DELETE

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | Required | Parameters for the Delete Blacklist action |

#### Input Example

```json
{"path_parameters":{"id":"e5b43b239c334ab289cd842b09b97241"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Get Blacklist Fingerprint File by Name

Retrieves the file fingerprint blacklist by name, returning a set of associated hash values in Symantec Endpoint Protection.

- Endpoint URL: `sepm/api/v1/policy-objects/fingerprints`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.name | string | Optional | Parameters for the Get Blacklist Fingerprint File by Name action |

#### Input Example

```json
{"parameters":{"name":"file.txt"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| hashType | string | Type of the resource |
| source | string | Output field source |
| description | string | Output field description |
| data | array | Response data |
| groupIds | array | Unique identifier |
| groupIds.file_name | string | Unique identifier |
| groupIds.file | string | Unique identifier |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Get Domains

Retrieve a list of all accessible domains from Symantec Endpoint Protection Manager.

- Endpoint URL: `sepm/api/v1/domains`
- Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Get File Fingerprint by ID

Retrieve a list of hash values representing the file fingerprint for a specified ID in Symantec Endpoint Protection.

- Endpoint URL: `sepm/api/v1/policy-objects/fingerprints/{{id}}`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | Required | Parameters for the Get File Fingerprint by ID action |

#### Input Example

```json
{"path_parameters":{"id":"25c0783596f8dc77528ff692a9dc82d1"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| hashType | string | Type of the resource |
| source | string | Output field source |
| description | string | Output field description |
| data | array | Response data |
| groupIds | array | Unique identifier |
| groupIds.file_name | string | Unique identifier |
| groupIds.file | string | Unique identifier |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Get Group

Retrieves a list of groups from Symantec Endpoint Protection for further analysis or action.

- Endpoint URL: `sepm/api/v1/groups`
- Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| content | array | Response content |
| content.id | string | Unique identifier |
| content.name | string | Name of the resource |
| content.description | string | Response content |
| content.fullPathName | string | Name of the resource |
| content.numberOfPhysicalComputers | number | Response content |
| content.numberOfRegisteredUsers | number | Response content |
| content.createdBy | string | Response content |
| content.created | number | Response content |
| content.lastModified | number | Response content |
| content.policySerialNumber | string | Response content |
| content.policyDate | number | Response content |
| content.customIpsNumber | string | Response content |
| content.domain | object | Response content |
| content.domain.id | string | Unique identifier |
| content.domain.name | string | Name of the resource |
| content.policyInheritanceEnabled | boolean | Response content |
| size | number | Output field size |
| number | number | Output field number |
| sort | array | Output field sort |
| sort.direction | string | Output field sort.direction |
| sort.property | string | Output field sort.property |
| sort.ascending | boolean | Output field sort.ascending |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Update Blacklist

Updates an existing blacklist in Symantec Endpoint Protection using the specified 'id'. System administrator account required.

- Endpoint URL: `sepm/api/v1/policy-objects/fingerprints/{{id}}`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | Required | Parameters for the Update Blacklist action |
| name | string | Optional | Name of the resource |
| domainId | string | Optional | Unique identifier |
| description | string | Optional | Parameter for Update Blacklist |
| hashType | string | Optional | Type of the resource |
| data | array | Optional | Response data |

#### Input Example

```json
{"json_body":{"name":"test","domainId":"e1b640690a2000c02f0213a4fd07bc8a","description":"a description","hashType":"md5","data":["ac20a4ed0c586b32e80f2156188cd1a2"]},"path_parameters":{"id":"e5b43b239c334ab289cd842b09b97241"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Output Example

```json
{"status_code":200,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

### Update Content Command

Initiates a content update on specified Symantec Endpoint Protection endpoints using group or computer IDs. System administrator account required.

- Endpoint URL: `sepm/api/v1/command-queue/updatecontent`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.group_ids | array | Required | Parameters for the Update Content Command action |
| parameters.computer_ids | array | Required | Parameters for the Update Content Command action |

#### Input Example

```json
{"parameters":{"group_ids":["09af1bf50a2000c06ef0620a092a5a17"],"computer_ids":["09af1bf50a2000c06ef0620a092a5a17"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| errorCode | string | Error message if any |
| appErrorCode | string | Error message if any |
| errorMessage | string | Response message |

#### Output Example

```json
{"status_code":400,"response_headers":{"X-Frame-Options":"DENY","Content-Security-Policy":"frame-ancestors 'self' https://win-qdbt6mvuilc:8443","X-XSS-Protection":"1; mode=block","X-Content-Type-Options":"nosniff, nosniff","Referrer-Policy":"strict-origin-when-cross-origin","Feature-Policy":"microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' ","Pragma":"no-cache","Expires":"Thu, 01 Jan 1970 00:00:00 GMT","Cache-Control":"no-cache, no-store","X-Rate-Limit-Limit":"50","X-Rate-Limit...
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store |
| Connection | HTTP response header Connection | close |
| Content-Length | The length of the response body in bytes | 0 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | frame-ancestors 'self' https://win-qdbt6mvuilc:8443 |
| Content-Type | The media type of the resource | application/json;charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 01 Dec 2022 18:38:39 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 01 Jan 1970 00:00:00 GMT |
| Feature-Policy | HTTP response header Feature-Policy | microphone 'none'; geolocation 'none'; usb 'none'; autoplay 'none' |
| Keep-Alive | HTTP response header Keep-Alive | timeout=60 |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Server | Information about the software used by the origin server | SEPM |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 ; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff, nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-Rate-Limit-Limit | HTTP response header X-Rate-Limit-Limit | 50 |
| X-Rate-Limit-Remaining | HTTP response header X-Rate-Limit-Remaining | 48 |
| X-Rate-Limit-Reset | HTTP response header X-Rate-Limit-Reset | 21388 |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
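
A pre-flight check for the Create New Blacklist and Update Blacklist inputs, together with a reader for the X-Rate-Limit-* response headers listed above. This is an added example, not code from the connector or from Swimlane; the function names, the `sha256` entry, the camel-case `domainId`/`hashType` key spelling and the sample input are assumptions or constructed values.

```python
import re

# Expected hex-digest length per hash type. The page's examples use md5;
# the sha256 entry is an assumption added for this example.
HASH_LENGTHS = {"md5": 32, "sha256": 64}
HEX_RE = re.compile(r"[0-9a-f]+")


def build_blacklist_body(name, domain_id, hashes, hash_type="md5", description=""):
    """Return (json_body, rejected) for Create New Blacklist / Update Blacklist."""
    expected = HASH_LENGTHS.get(hash_type.lower())
    if expected is None:
        raise ValueError(f"unsupported hash type: {hash_type!r}")
    seen, accepted, rejected = set(), [], []
    for raw in hashes:
        digest = raw.strip().lower()
        if len(digest) != expected or not HEX_RE.fullmatch(digest):
            rejected.append(raw)   # wrong length or non-hex: keep it out of the list
        elif digest not in seen:   # de-duplicate, preserving first-seen order
            seen.add(digest)
            accepted.append(digest)
    if not accepted:
        raise ValueError("no valid fingerprints to submit")
    body = {"name": name, "domainId": domain_id, "description": description,
            "hashType": hash_type, "data": accepted}
    return body, rejected


def rate_limit_state(response_headers):
    """Summarise X-Rate-Limit-* headers; the reset value is returned as-is (no unit on the page)."""
    h = {k.lower(): v for k, v in response_headers.items()}
    remaining = int(h.get("x-rate-limit-remaining", -1))   # -1: header absent
    return {"limit": int(h.get("x-rate-limit-limit", -1)),
            "remaining": remaining,
            "reset": int(h.get("x-rate-limit-reset", -1)),
            "exhausted": remaining == 0}


if __name__ == "__main__":
    # Constructed sample input: the MD5 from the page's input example,
    # the same hash in upper case, and a malformed entry.
    body, bad = build_blacklist_body(
        "test", "e1b640690a2000c02f0213a4fd07bc8a",
        ["ac20a4ed0c586b32e80f2156188cd1a2", "AC20A4ED0C586B32E80F2156188CD1A2", "not-a-hash"])
    print(body, bad)
    print(rate_limit_state({"X-Rate-Limit-Limit": "50", "X-Rate-Limit-Remaining": "48",
                            "X-Rate-Limit-Reset": "21388"}))
```

Entries returned in `rejected` are worth logging before the playbook continues, since a malformed hash silently dropped from a lockdown list is easy to miss later.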