Incident_Opened_Symantec EP mobile_General

Alert

Incident Opened (incident_opened)

SK4 unified event:
Connector/Service

Symantec EP mobile/General

SK4 Version:

2.4.62

Created Date:

Mon May 20 2019 12:11:26 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:10:37 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

An incident is a collection of one or more events that represent a significant risk to the organization. Incidents include the events that Symantec Endpoint Protection has blocked, because even blocked events contribute to a more complete picture of the larger attack.

Search query

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Symantec EP mobile"


Audit sources