Regarding API, supervisor approval, and SIEM log format issues

Hello,

1. API Availability and Integration Capabilities

Does Endpoint Protector provide API integration capabilities?

Our customer has an existing manager approval / authorization system, and they would like to integrate this workflow so that managers can approve or grant user permissions through their internal system.

  • Is there a public or supported API available for this purpose?

  • If APIs are available, are they included by default, or do they require a separate request or enablement through Netwrix?


2. Manager Approval Workflow and Delegation Mechanism

Does Endpoint Protector support a manager approval workflow?

Additionally, is there a delegation or backup approver mechanism?
For example:

  • Two managers are assigned as approvers

  • If Manager A is unavailable, Manager B can approve access requests on their behalf


3. Third-Party SIEM Integration and Log Format

Regarding SIEM integration, we would like to understand the logging capabilities:

  • Does Endpoint Protector export logs using Syslog format?

  • Is JSON-formatted log output supported for SIEM ingestion?

Hi Calvin,

  1. Endpoint Protector does not currently offer an API, although this is being considered for a future release.
  2. While a Manager Approval Workflow is not available, the product does provide Self-User Remediation capabilities. Users can temporarily bypass blocking policies by providing a justification. These actions are fully logged and can be reviewed at any time in the Reports section of the Endpoint Protector server.
  3. The logs from the Endpoint Protector server are forwarded to third-party SIEM solutions via syslog; JSON output is not supported. More details are available here: Appliance | Netwrix Product Documentation