If you're having trouble at any stage please contact us at email@example.com.
The goal of this guide is to add a new SkyFormation for Symantec WSS connector to your SkyFormation Platform.
To add the Symantec connector to your SkyFormation app, you will need to have the following Symantec WSS account information at hand:
- User API key (user and password)
To create a User API key please follow the steps detailed at the following Symantec "Near Real-Time Log Sync Solution Brief" guide:
Look for the section called: "Create a User API Key"
NOTE: The SymantecWss cloud connector is designed to pull events only at the top of the hour. It checks every 10 minutes, but pulls the events only once a full hour has passed.
Steps to onboard the connector to the SkyFormation app
1. Log on to your SkyFormation Platform:
2. Navigate via the left navigation panel to the "Settings" section
3. Navigate via the New Settings left navigation panel to the "Accounts" section
4. Click the "Add Account" button
5. At the "SELECT SERVICE TO ADD" choose "Symantec WSS". You will see the following screen:
6. Fill in the following information:
- Account Name
Give the Symantec WSS connector a name that is meaningful to you.
This will become your cloud app connector name displayed in the application and in the
events sent to external systems such as SIEM/log management. This is a mandatory field.
e.g. "Corporate Secure Web Gateway"
Add text that describes the Symantec WSS service account.
This is an optional field.
The user name obtained in the prerequisite section
The password obtained in the prerequisite section
Choose what event types to pull
We have divided the event types coming from Symantec WSS logs into 3 types. You can choose for each one whether or not you would like the connector to pull events from that type. The types are:
- Informational events - connection events which passed successfully without any issue.
- Connection Failure events - connection attempts which were reset, failed or rejected by Symantec.
- Security related events - the following events fall under this category:
  - The URL that the connection was attempted to was classified by Symantec as "threat risk"
  - The host that the connection was attempted to did not have the expected certificate
  - Symantec has identified that the client environment has risk per the compliance policy.
  - Symantec has identified DLP in the connection
  - Symantec has identified malware in the connection
  - The connection was denied for compliance reasons.
At this point you can click on "TEST CONNECTION" to make sure the connection is set up successfully, or just click on "DONE".
Start the connector and make sure that the status becomes "OK" after a few seconds.