Endpoint Protection


ADAM and EVE 

May 16, 2010 02:15 PM


SEPM has many good points; however, adding computers is a bind. There are a few solutions that rely on direct access to the SEPM database tables; this post describes another approach.

AD and Location
It is easy to synchronise an AD into SEPM; all the computers in a Microsoft domain are then defined. It is then possible to assign policies, either through the “Location” mechanism or by picking some AD groups.
Location is a fine solution: define some Locations in “My Company” and let all the groups beneath it inherit. One can test whether the computer is a particular type of server and make virus-scanning exceptions where needed. Unfortunately, it does not seem to be possible to see in the SEPM database which “Location” policy a given computer has.
AD has a problem as well: it is very unlikely that the AD groups needed to define correct exceptions will already exist, and it is not advisable to alter one's AD to reflect whatever policy structure one wants. SEPM unfortunately has no means of grouping computers by their membership of an AD group (memberOf or uniqueMember). Also, if one has many Microsoft domains, it becomes a pain to keep track of any new domains or to import them.

LDAP
A sister to AD synchronisation is LDAP synchronisation, in theory at least. Unfortunately, if one does have a company LDAP with one's computers defined, Symantec for some reason adds some extra “invisible” filters that, in my case, result in no computers.

ADAM
Well, let's use ADAM. ADAM comes with the Windows 2008 server on which one can run one's SEPM. It is LDAP, so in theory it should be possible to create a structure that is compatible with the LDAP synchronisation in SEPM.
One could take the computers defined in one's company CMDB and place them in groups that can have SEP policies assigned once they are synchronised with SEPM.

SEPM <<-- LDAP Sync -->> ADAM Instance <<-- Program that collects from CMDB, AD or text files


EVE
In the next couple of weeks, I will try to create “EVE”, a program (in PowerShell) that can populate an ADAM with the information I need.
For success:
- a basic ADAM that SEPM will use (the filters used in SEPM are now documented with a Wireshark trace).

Unless a snake comes into paradise, of course ...


Forum @ https://www-secure.symantec.com/connect/forums/adam-ldap-sync-group-sepm

Idea @ https://www-secure.symantec.com/connect/idea/ldap-filter-definition


Comments

Jan 04, 2011 03:20 AM

Let us see if I can get help

Let us see if I can get help with putting the code(s) I have made @ http://sourceforge.net/projects/sepbabedoda/


Open Source and one can join the work

May 31, 2010 02:16 AM

Hi
The ADAM I am using is a SEPM local source

CSV was chosen as it is an "interface" so that others can generate an import list.

SEPM Sync to LDAP <-- "well described" interface --> ADAM instance <-- SymantecEve <-- CSV file (interface) <-- Site-dependent program to generate CSV (Excel, PowerShell, Perl, Bash..) <-- Site-dependent DB/CMDB/...

May 27, 2010 04:29 PM


ADAMsync can be used to populate an ADAM instance with ONLY the information required by the SEPM; in this way you can filter out non-computer (or user) objects, select specific OUs, and/or select only systems with specific attributes.

I'll post the ADAMsync parameters a bit later to pull only computer-based agents into ADAM; from there, ADAM is nothing more than an LDAP repository.  It's perfectly feasible to run ADAM on the actual SEPM, so that the SEPM syncs with a local source.

May 27, 2010 02:35 AM

SymantecEve.ps1 is written and will soon be available @ downloads. The usage is below.
Format for the csv at this time is:

cn,DNPath,SEPMGroup
"cn=computername","dc=my,dc=net","SomeGroup"
$ProgramName (Version: $Version)

Function: to populate an ADAM instance from a CSVFile to be used as a LDAP sync source for Symantec SEPM.

Parameters:

-CSVFile The csv file to be imported

-ADAMHost The dns/ip of the ADAM host, with optional port eg localhost:389

-TopDN The dn used eg dc=net

Options:

-UseEventLog Send program events to Windows Application Log (default: False)

-Verbose More text output

-WhatIf This "usage"
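As an added illustration of the CSV-to-ADAM step sketched in the original post (the "Program that collects from CMDB, AD or text files" box) and of the cn,DNPath,SEPMGroup layout given in the comment above, the script below is example code written for this page; it is not SymantecEve.ps1 and not Symantec's code. It creates one OU per SEPMGroup under the row's DNPath and one object per computer inside it, using System.DirectoryServices. The host/port, the TopDN partition, the object class used for computers and the -DryRun switch are all assumptions: the script requires that the partition already exists, that the bound account may create objects in it, and that the chosen class is present in the instance's schema. Values taken from the CSV are escaped before they are placed in a DN or a search filter, so a malformed or hostile cell cannot redirect a write to a different container.

```powershell
# Added example (not SymantecEve.ps1 and not Symantec code): load a CSV with the
# columns cn,DNPath,SEPMGroup into an ADAM / AD LDS instance so that each
# SEPMGroup becomes an OU holding the computers SEPM's LDAP sync will map to a
# group. Assumptions (not from the page): the partition named by -TopDN exists,
# the caller may create objects in it, and -ComputerClass is in the schema.
param(
    [Parameter(Mandatory = $true)][string]$CSVFile,
    [string]$ADAMHost      = 'localhost:389',   # assumption: ADAM on the SEPM host
    [string]$TopDN         = 'dc=my,dc=net',    # assumption: the application partition
    [string]$ComputerClass = 'computer',        # assumption: class present in the schema
    [switch]$DryRun                              # report what would be created, write nothing
)

Add-Type -AssemblyName System.DirectoryServices

# RFC 4514 escaping for an RDN value, so a CSV cell like 'srv01,ou=Admins'
# stays one name instead of rewriting the DN structure.
function ConvertTo-RdnValue {
    param([string]$Value)
    $v = $Value -replace '([\\,+"<>;=#])', '\$1'
    return ($v -replace '^ ', '\ ' -replace ' $', '\ ')
}

# RFC 4515 escaping for a value embedded in an LDAP search filter.
function ConvertTo-FilterValue {
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        switch ($c) {
            '\'  { [void]$sb.Append('\5c') }
            '*'  { [void]$sb.Append('\2a') }
            '('  { [void]$sb.Append('\28') }
            ')'  { [void]$sb.Append('\29') }
            "`0" { [void]$sb.Append('\00') }
            default { [void]$sb.Append($c) }
        }
    }
    return $sb.ToString()
}

# Bind to a DN on the ADAM host. Nothing is sent until the entry is used.
function Get-AdamEntry {
    param([string]$DN)
    return New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ADAMHost/$DN")
}

# Return the direct child matching $Attr=$Name of class $Class, creating it if absent.
function Get-OrCreateChild {
    param(
        [System.DirectoryServices.DirectoryEntry]$Parent,
        [string]$Attr, [string]$Name, [string]$Class
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($Parent)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.Filter = "(&(objectClass=$Class)($Attr=$(ConvertTo-FilterValue $Name)))"
    $hit = $searcher.FindOne()
    if ($hit) { return $hit.GetDirectoryEntry() }

    $rdn = "$Attr=$(ConvertTo-RdnValue $Name)"
    if ($DryRun) {
        Write-Host "Would create $rdn under $($Parent.Path)"
        return $null
    }
    $child = $Parent.Children.Add($rdn, $Class)
    $child.CommitChanges()
    return $child
}

$present = 0
foreach ($row in Import-Csv -Path $CSVFile) {
    $dnPath = $row.DNPath.Trim()
    # Refuse rows that would write outside the partition handed to the script:
    # the DNPath must be the TopDN itself or end in ",<TopDN>".
    $inScope = ($dnPath -eq $TopDN) -or
               $dnPath.EndsWith(",$TopDN", [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inScope) {
        Write-Warning "Skipping '$($row.cn)': DNPath '$dnPath' is outside $TopDN"
        continue
    }
    # The thread's sample puts the whole RDN ("cn=computername") in the cn
    # column; accept that form as well as a bare name.
    $name = ($row.cn -replace '^\s*cn=', '').Trim()
    if (-not $name -or -not $row.SEPMGroup) {
        Write-Warning "Skipping row with empty cn or SEPMGroup"
        continue
    }

    $base = Get-AdamEntry $dnPath
    $ou = Get-OrCreateChild -Parent $base -Attr 'OU' -Name $row.SEPMGroup -Class 'organizationalUnit'
    if ($null -eq $ou) { continue }   # -DryRun: the OU was not created
    $computer = Get-OrCreateChild -Parent $ou -Attr 'CN' -Name $name -Class $ComputerClass
    if ($computer) { $present++ }
}
Write-Host "Done: $present computer object(s) present or created under $TopDN"
```

Run it as `.\Load-AdamFromCsv.ps1 -CSVFile .\computers.csv -DryRun` first to see which OUs and objects it would create, then without -DryRun. Because the search for an existing child is scoped to one level and the create uses the escaped RDN, re-running the script on the same CSV is idempotent, and a row whose DNPath points outside the partition is reported and skipped rather than written.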
