The integration between Dataminr and Symantec Endpoint Detection and Response lets users perform a wide range of actions in Symantec EDR as part of SOC and incident-response (IR) processes. Notable actions include adding IOCs to blacklists, detonating files, and isolating infected hosts during an investigation. The following actions are available in the Playbooks app:
- EOC File Search
- Create, Delete, Get & Update Blacklist
- Create, Delete, Get & Update Whitelist
- Detonate File
- EOC Search
- Get Entities
- Get Entities by Type
- Get Entities Instances by Type
- Get Entities Specific Instances by Type
- Get Events
- Get File Activity
- Get File Events
- Get File Entities
- Get Blacklist
- Get File For File Store
- Get Incidents
- Get Incident Comments
- Isolate & Unisolate
- Recorder Search
- Update Incident Comment
- Update Incident Resolution
- Update Incident Status to Close
This listing can be found in the Dataminr App Catalog under the name Symantec Endpoint Detection and Response (EDR).