We are new to Symantec Endpoint Protection and could use some guidance.
Lately, we are noticing pop-up alerts on our web server for Intrusion Prevention and blocked activity. The only way I can see detail is to go into the web server client and view Security Log - Client Management Log. There it displays the Intrusion Prevention Alert and Active Response to the threat. A sample alert would be [SID: 29051] Web Attack: Wordpress Fake Plug in Activity attack blocked. The corresponding Active Response shows the IP source of the attack.
On our Endpoint Protection Manager, we are not readily seeing these alerts. Nothing in Notifications or Monitoring. In the reporting, I can only find a report under Network Threat Protection that shows client attacked in one report and IP address in the other. I don't see the detail of type of attack (web attack - wordpress).
We would like to get an email or scheduled report providing this kind of detail. I would hope/assume it is possible but I can not find where it is. Any direction/suggestions would be appreciated.
Douglas