symantec-parser (ex. sep-seclog-ips-parser)

Symantec Endpoint Protection (SEP) seclog file IP Analyzer

Warning

This version may not be suitable for production use!

The package is not being actively maintained, if you want to maintain this package, please reach out!

Please note that this is a beta version which is used for a personal RDP server with a normal workload.

The script tries to find the attacker's IP addresses in the 'seclog' file and blocks if the number of attacks exceeds a certain number. All settings are in the settings.ini file.

[!] Pre-set maximum log file size for SEP [!] Create a predefined rule for auto-update

SEP firewall rule blocking:

Export current rules
Add IP addresses to the predefined rule.
Import rules into SEP That's simple but it works fine.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.github		.github
.gitattributes		.gitattributes
.gitignore		.gitignore
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
README.md		README.md
block_attackers_IP.bat		block_attackers_IP.bat
main.py		main.py
settings.ini		settings.ini

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

symantec-parser (ex. sep-seclog-ips-parser)

Please, check all settings in the config file before use.

About

Releases

Sponsor this project

Languages

RChutchev/symantec-parser

Folders and files

Latest commit

History

Repository files navigation

symantec-parser (ex. sep-seclog-ips-parser)

Please, check all settings in the config file before use.

About

Topics

Resources

Code of conduct

Stars

Watchers

Forks

Releases

Sponsor this project

Languages