Symantec Endpoint Protection (SEP) seclog file IP Analyzer
Please note that this version is not suitable for production use. It is a beta version for development purposes only, used on a personal RDP server with a normal workload.
The script looks for attackers' IP addresses in the 'seclog' file and blocks them if the number of attacks exceeds a set limit. All settings are in the settings.ini file.
[!] Pre-set maximum log file size for SEP
[!] Create a predefined rule for auto update
SEP firewall rule blocking:
- Export current rules
- Add IP addresses to the predefined rule.
- Import rules into SEP.
Simple and works fine.
Check all settings in the config file before use.
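The counting step described above, sketched as an added example (not this project's code): occurrences are counted per IP, addresses over the limit are returned for blocking, and a never-block list keeps the server's own and the administrator's addresses out of the rule. The `[analyzer]` section, the `threshold` and `never_block` keys, the per-IP counting and the sample log layout are all assumptions; SEP's real seclog format and the script's real settings.ini keys are not shown on this page.

```python
import configparser
import ipaddress
import re
from collections import Counter

# Constructed settings; section and key names are assumptions, not the script's real ones.
SAMPLE_SETTINGS = "[analyzer]\nthreshold = 3\nnever_block = 10.0.0.0/8, 192.0.2.10\n"

# Constructed log lines; they do not reproduce SEP's actual seclog layout.
SAMPLE_LOG = "\n".join(
    ["2024-01-05 10:00 blocked remote=203.0.113.7 local=10.0.0.5 port=3389"] * 4
    + ["2024-01-05 10:05 blocked remote=198.51.100.23 local=10.0.0.5 port=3389"] * 2
    + ["2024-01-05 10:09 blocked remote=192.0.2.10 local=10.0.0.5 port=3389"] * 5
    + ["2024-01-05 10:12 blocked remote=999.300.1.1 local=10.0.0.5 port=3389"]
)

# Dotted-quad candidates; real validation is left to the ipaddress module.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def load_settings(text):
    """Return (threshold, never_block networks) from settings.ini-style text."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    sec = cfg["analyzer"]
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in sec.get("never_block", "").split(",") if n.strip()]
    return sec.getint("threshold"), nets

def ips_to_block(log_text, threshold, never_block):
    """Return sorted IPs seen more than `threshold` times and not protected."""
    counts = Counter()
    for line in log_text.splitlines():
        for cand in IPV4_CANDIDATE.findall(line):
            try:
                counts[ipaddress.ip_address(cand)] += 1
            except ValueError:
                continue  # not a valid address, e.g. 999.300.1.1
    return sorted(str(ip) for ip, n in counts.items()
                  if n > threshold and not any(ip in net for net in never_block))

if __name__ == "__main__":
    limit, protected = load_settings(SAMPLE_SETTINGS)
    print(ips_to_block(SAMPLE_LOG, limit, protected))
```

Without the never-block list, the server's own address and the administrator's address would both pass the limit in this sample and end up in the firewall rule.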