Symantec Endpoint Protection (SEP) seclog file IPs parser with adding IPs to SEP Firewall [Python] ex. SEP-seclog-IPs-parser

RChutchev/symantec-parser

symantec-parser (ex. sep-seclog-ips-parser)

Symantec Endpoint Protection (SEP) seclog file IP Analyzer

Please note that this version is not suitable for production use. It is a beta version for development purposes only, used on a personal RDP server with a normal workload.

The script tries to find attackers' IP addresses in the 'seclog' file and blocks them if the number of attacks exceeds a certain number. All settings are in the settings.ini file.
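The threshold logic described above, as an added Python example that is not the repository's own code. The log lines are constructed (the real seclog layout is not shown on this page), and `threshold` and `never_block` are hypothetical stand-ins for values that would come from settings.ini.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; NOT the real SEP seclog format.
SAMPLE_LOG = """\
2024-01-05 10:00:01 blocked RDP brute force from 203.0.113.7
2024-01-05 10:00:03 blocked RDP brute force from 203.0.113.7
2024-01-05 10:00:04 blocked RDP brute force from 198.51.100.22
2024-01-05 10:00:09 blocked RDP brute force from 203.0.113.7
2024-01-05 10:00:11 port scan from 192.168.1.50
2024-01-05 10:00:12 port scan from 192.168.1.50
2024-01-05 10:00:13 port scan from 192.168.1.50
2024-01-05 10:00:15 malformed entry 999.1.1.1
"""

# Dotted-quad candidates only; real validation is left to the ipaddress module.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Hypothetical allowlist: networks that must never end up in a block rule
# (admin LAN, loopback), so the parser cannot lock the operator out.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "127.0.0.0/8")]


def count_sources(log_text, never_block=NEVER_BLOCK):
    """Count log lines per valid, non-allowlisted source address."""
    counts = Counter()
    for line in log_text.splitlines():
        for token in set(IPV4_CANDIDATE.findall(line)):  # once per line
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:  # e.g. 999.1.1.1
                continue
            if any(addr in net for net in never_block):
                continue
            counts[addr] += 1
    return counts


def block_candidates(log_text, threshold, never_block=NEVER_BLOCK):
    """Return addresses seen more than `threshold` times, in address order."""
    counts = count_sources(log_text, never_block)
    return [str(a) for a in sorted(a for a, n in counts.items() if n > threshold)]


if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG, threshold=2))
```

Validating each candidate and checking it against an allowlist before it reaches the firewall rule keeps malformed log entries and the administrator's own network out of the block list.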

[!] Pre-set the maximum log file size for SEP.

[!] Create a predefined rule for auto-updating the SEP firewall.

SEP firewall rule blocking:

  1. Export current rules
  2. Add IP addresses to the predefined rule.
  3. Import rules into SEP.

Simple and works fine.

Check all settings in the config file before use.
