ICDx - API

Published on Monday, 9 December 2019

ICDx

Symantec’s Integrated Cyber Defense (ICD) Platform unifies products, services and partners to drive down the cost and complexity of cyber security, while protecting enterprises against sophisticated threats. ICD combines information protection, threat protection, identity management, compliance and other advanced services, powered by shared intelligence and automation across endpoints, networks, applications, and clouds.

API

ICDx provides both AMQP-based and REST APIs. The headers and message content are identical for both APIs.
ICDx uses the Advanced Message Queuing Protocol (AMQP) as its primary protocol and interface. AMQP is a networking protocol that enables conforming client applications to communicate with conforming messaging middleware brokers.
The ICDx API is defined as a set of JSON-encoded messages and headers, which are sent and received over a message bus. ICDx uses the RabbitMQ implementation of AMQP.

Symantec™ Integrated Cyber Defense Exchange 1.3.1 API Guide
https://support.symantec.com/us/en/article.DOC11590.html
DOC11590

Actions

SEP

Remediate/file action example - Symantec Endpoint Protection Manager action adapter in ICDx
https://support.symantec.com/us/en/article.HOWTO130637.html
HOWTO130637