Symantec · Capability

Symantec Endpoint Security Management

Unified endpoint security management capability for Symantec/Broadcom products. Enables security operations teams to manage endpoint protection infrastructure, query protected devices, administer groups, and manage administrator accounts via the SEPM REST API.

Tags: Broadcom, Cybersecurity, Endpoint Protection, Endpoint Security, Groups, SEPM, Security Operations, Symantec

What You Can Do

GET /v1/computers - List computers
DELETE /v1/computers/{computerId} - Remove computer
GET /v1/groups - List groups
POST /v1/groups - Create group
GET /v1/administrators - List administrators

MCP Tools

list-computers (read-only, idempotent)
List all endpoints managed by SEPM with status, OS, SEP version, and last scan time

search-computers-by-name (read-only, idempotent)
Search for specific computers by hostname in SEPM

list-groups (read-only, idempotent)
List all SEPM groups with computer counts and policy settings

create-group
Create a new computer group in SEPM for policy segmentation

list-administrators (read-only, idempotent)
List all SEPM administrator accounts and their roles

APIs Used

sepm

Capability Spec

endpoint-security.yaml
naftiko: "1.0.0-alpha1"

info:
  label: "Symantec Endpoint Security Management"
  description: >-
    Unified endpoint security management capability for Symantec/Broadcom
    products. Enables security operations teams to manage endpoint protection
    infrastructure, query protected devices, administer groups, and manage
    administrator accounts via the SEPM REST API.
  tags:
    - Broadcom
    - Cybersecurity
    - Endpoint Protection
    - Endpoint Security
    - Groups
    - SEPM
    - Security Operations
    - Symantec
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys:
      SEPM_USERNAME: SEPM_USERNAME
      SEPM_PASSWORD: SEPM_PASSWORD
      SEPM_HOST: SEPM_HOST
      SEPM_BEARER_TOKEN: SEPM_BEARER_TOKEN

capability:
  consumes:
    - import: sepm
      location: ./shared/symantec-sepm.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: symantec-security-api
      description: "Unified REST API for Symantec endpoint security management."
      resources:
        - path: /v1/computers
          name: computers
          description: "Manage protected endpoint computers"
          operations:
            - method: GET
              name: list-computers
              description: "List Computers"
              call: "sepm.list-computers"
              with:
                computerName: "rest.computerName"
                pageSize: "rest.pageSize"
                pageIndex: "rest.pageIndex"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/computers/{computerId}
          name: computer-detail
          description: "Single computer management"
          operations:
            - method: DELETE
              name: remove-computer
              description: "Remove Computer"
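              # NOTE: this DELETE operation is bound to the list operation
              # (sepm.list-computers), not to a delete operation, and passes
              # computerId where the other bindings pass computerName. Bind it
              # to the delete operation defined in ./shared/symantec-sepm.yaml.
              call: "sepm.list-computers"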
              with:
                computerId: "rest.computerId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/groups
          name: groups
          description: "SEPM group management"
          operations:
            - method: GET
              name: list-groups
              description: "List Groups"
              call: "sepm.list-groups"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-group
              description: "Create Group"
              call: "sepm.create-group"
              with:
                name: "rest.name"
                description: "rest.description"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/administrators
          name: administrators
          description: "SEPM administrator accounts"
          operations:
            - method: GET
              name: list-administrators
              description: "List Administrators"
              call: "sepm.list-administrators"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: symantec-security-mcp
      transport: http
      description: "MCP server for AI-assisted Symantec endpoint security management."
      tools:
        - name: list-computers
          description: "List all endpoints managed by SEPM with status, OS, SEP version, and last scan time"
          hints:
            readOnly: true
            idempotent: true
          call: "sepm.list-computers"
          with:
            computerName: "tools.computerName"
            pageSize: "tools.pageSize"
          outputParameters:
            - type: object
              mapping: "$."

        - name: search-computers-by-name
          description: "Search for specific computers by hostname in SEPM"
          hints:
            readOnly: true
            idempotent: true
          call: "sepm.list-computers"
          with:
            computerName: "tools.computerName"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-groups
          description: "List all SEPM groups with computer counts and policy settings"
          hints:
            readOnly: true
            idempotent: true
          call: "sepm.list-groups"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-group
          description: "Create a new computer group in SEPM for policy segmentation"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "sepm.create-group"
          with:
            name: "tools.name"
            description: "tools.description"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-administrators
          description: "List all SEPM administrator accounts and their roles"
          hints:
            readOnly: true
            idempotent: true
          call: "sepm.list-administrators"
          outputParameters:
            - type: object
              mapping: "$."