Device Integration: Seqrite Endpoint Security

Modified on Fri, 17 Apr at 4:18 PM

Overview

This guide describes how to securely configure Seqrite Endpoint Security (EPS) to send data to ADR via the API for enhanced security monitoring and threat detection. Seqrite EPS provides multiple methods to forward security logs to external systems for centralised monitoring, compliance, and analysis; the API connection described here gives ADR centralised log collection and automated threat analysis.


Configuration Steps

In ADR UI

  1. Navigate to Provisioning > Add-on Device.

  2. Click the Add button to configure a new device entry.

  3. For Device, select "Seqrite Endpoint Security".

  4. Enter a Name for the device (customizable, for identification).

  5. Enter the CCE Host IP address (where the SIEM will collect logs).

  6. Provide the Access ID/User name and Password/Secret Key (these should be obtained from your Seqrite team).

  7. In the JSON field, input the following (customise values as per your environment):

    {"host": "x.x.x.x", "database_name": "db_name", "port_num": 423, "time_duration": 15, "procedure_call":{"dlp": "pro_dlp", "virus": "pro_virus", "web": "pro_web"}}

    • host: Seqrite server's IP address

    • database_name: DB name containing endpoint logs

    • port_num: Log storage port

    • time_duration: Frequency (minutes) to pull logs

    • procedure_call: Procedures for DLP, virus, and web event extraction

  8. Click Save to apply the configuration.


Verification (MSSP Only)

From ADR GUI Console

  1. Log in with administrative rights.

  2. Go to System > Log/Flow Collection Status.


  3. Ensure the add-on device status is reflected correctly. Confirm that logs from Seqrite Endpoint Security are collected and visible.


From CCE (Command-Line Verification)

Log in with the ADR user account.

Run:

otmdoc -m


Enter the add-on device container:

otmdoc -s cce-addon-devices

Check scheduled tasks:

crontab -l


Run the Seqrite Python script and review outputs.


