.. generated, remove this comment to keep this file

``symantec.firewall``
=====================

.. code-block:: console

    $ target-query -f symantec.firewall

.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``apps.av.symantec.SymantecPlugin``
    * - Output
      - ``records``

**Module documentation**

Symantec Endpoint Security Suite Plugin, based on https://malwaremaloney.blogspot.com/2021/01/

**Function documentation**

Return log firewall records.

Yields SEPFirewallRecord with the following fields:

- ts (datetime): Timestamp associated with the event.
- protocol (string): Protocol name associated with the firewall record.
- local_ip ("net.ipaddress"): Local IP address associated with the event.
- remote_ip ("net.ipaddress"): Remote IP address associated with the event.
- local_ip6 ("net.ipaddress"): Local IPv6 address associated with the event.
- remote_ip6 ("net.ipaddress"): Remote IPv6 address associated with the event.
- local_port (varint): Local port associated with the event.
- remote_port (varint): Remote port associated with the event.
- outbound (boolean): True in case of outbound traffic/connection.
- begin_time (datetime): Start of the event.
- end_time (datetime): End of the event.
- repetition (varint): How many times this event happened within the time frame.
- blocked (boolean): Whether the traffic/connection was successfully blocked.
- severity (string): Severity of the event.
- rule_id (varint): Firewall rule ID associated with this event.
- rule_name (string): Name of the Firewall rule associated with this event.
- remote_host (string): Name of the remote host if it can be traced.
- application (path): Application responsible for/affected by event.
- user (string): User associated with the event.
- line_no (varint): Reference line number in log file.
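An added example, not part of the generated plugin documentation or the project's own code: a triage helper that totals allowed outbound traffic per application and remote endpoint, weighting each record by ``repetition`` and taking the activity window from ``begin_time``/``end_time``. ``FirewallEvent``, ``summarize_allowed_outbound`` and the sample rows are constructed stand-ins that reuse a subset of the field names listed above.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable


@dataclass
class FirewallEvent:
    """Constructed stand-in carrying a subset of the SEPFirewallRecord fields."""
    begin_time: datetime
    end_time: datetime
    remote_ip: str
    remote_port: int
    outbound: bool
    blocked: bool
    repetition: int
    application: str


def summarize_allowed_outbound(records: Iterable) -> list[dict]:
    """Group outbound, non-blocked events per (application, remote_ip, remote_port)."""
    groups: dict[tuple, dict] = {}
    for r in records:
        if not r.outbound or r.blocked:
            continue  # only traffic that left the host and was not blocked
        key = (str(r.application), str(r.remote_ip), r.remote_port)
        # One record can stand for many events: weight by repetition (at least 1).
        count = max(r.repetition or 1, 1)
        g = groups.setdefault(key, {
            "application": key[0], "remote_ip": key[1], "remote_port": key[2],
            "events": 0, "first_seen": r.begin_time, "last_seen": r.end_time,
        })
        g["events"] += count
        g["first_seen"] = min(g["first_seen"], r.begin_time)
        g["last_seen"] = max(g["last_seen"], r.end_time)
    return sorted(groups.values(), key=lambda g: g["events"], reverse=True)


# Constructed sample records (documentation IP ranges, not taken from a real log).
D = datetime
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\updater.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"
SAMPLE = [
    FirewallEvent(D(2024, 1, 10, 9, 0), D(2024, 1, 10, 9, 5), "203.0.113.10", 443, True, False, 12, TEMP_EXE),
    FirewallEvent(D(2024, 1, 10, 11, 0), D(2024, 1, 10, 11, 1), "203.0.113.10", 443, True, False, 3, TEMP_EXE),
    FirewallEvent(D(2024, 1, 10, 9, 30), D(2024, 1, 10, 9, 31), "198.51.100.7", 445, True, True, 40, SVCHOST),
    FirewallEvent(D(2024, 1, 10, 10, 0), D(2024, 1, 10, 10, 0), "192.0.2.5", 3389, False, False, 1, SVCHOST),
    FirewallEvent(D(2024, 1, 10, 10, 15), D(2024, 1, 10, 10, 16), "198.51.100.20", 53, True, False, 2, SVCHOST),
]

if __name__ == "__main__":
    for row in summarize_allowed_outbound(SAMPLE):
        print(row)
```

Counting rows instead of summing ``repetition`` would report 2 events for the first endpoint rather than 15.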