Symantec Endpoint Detection and Response (Symantec EDR) can search for the artifacts (such as files, processes, registry keys, and hashes) that are indicators of compromise (IOCs). Symantec EDR lets you search both its own database and the Symantec Endpoint Protection (SEP) endpoints it manages for these IOCs.
Types of Search
There are two primary sources of data that you can search for indicators of compromise:
- Cloud Database searches find events that have previously occurred in your environment and have already been recorded in the Symantec EDR database.
- Endpoint searches query event data directly from the endpoints in your environment. Symantec EDR lets you search your endpoints' hard drives for indicators of compromise such as files, processes, registry keys, services, and network artifacts.