Articles in this section

See more

Adding Symantec WSS Cloud Connector to SkyFormation Platform

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

The goal of this guide is to add a new SkyFormation for Symantec WSS connector to your SkyFormation Platform.

Prerequisites

To add the Symantec connector to your SkyFormation app, you will need to have the following Symantec WSS account's information at hand:

  1. User API key (user and password)

To create a User API key please follow the steps detailed at the following Symantec "Near Real-Time Log Sync Solution Brief" guide:
https://support.symantec.com/en_US/article.DOC10379.html

Look for the section called: "Create a User API Key"

NOTE: The SymantecWss cloud connector is designed to pull the events only on the top of the hour. It checks every 10 minutes but only pulls the events once a full hour has passed.

Steps to onboard the connector to SkyFormation app

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Symantec WSS". You will see the following screen:

mceclip0.png

6. Fill in the following information:

    - Account Name
        Give the Symantec WSS connector a meaningful name for you. 
        This will become your cloud app connector name displayed in the application and the 
        events sent to external systems as SIEM/Log management. This is a mandatory field.

      e.g. "Corporate Secure Web Gateway"     

    - Description
      Add a text that describes the Symantec WSS service account for you.

     This is an optional field.

   - User
      The user name obtained in the prerequisite section

   - Password
      The password obtained in the prerequisite section

Choose what event types to pull

 We have divided the event types coming from Symantec WSS logs into 3 types. You can choose for each one whether or not you would like the connector to pull events from that type. The types are:

  1. Informational events- connection events which passed successfully without any issue.
  2. Connection Failure events - connection attempts which were reset, failed or rejected by Symantec
  3. Security related events - the following events fall under this category:
    1. The URL that the connection was attempted to was classified by Symantec as "threat risk"
    2. The host that the connection was attempted to did not have the expected certificate
    3. Symantec has identified that the client environment has risk per the compliance policy.
    4. Symantec has identified DLP in the connection
    5. Symantec has identified malware in the connection
    6. The connection was denied for compliance reasons.

At this point you can click on "TEST CONNECTION" to make sure the connection is set up successfully, or just click on "DONE".

Start the connector and make sure that the status becomes "OK" after a few seconds.

 

DONE!

Related articles

Comments

0 comments

Please sign in to leave a comment.