Hi, I dealt with the identical issue. The only viable solution is to call an API, or purchase Symantec's log parser exchange with a syslog output for SIEMs. This is purposely done.

You can do so by following these steps: https://apidocs.securitycloud.symantec.com/#/doc?id=ses auth

Generate an OAuth Key from the Symantec console in order to generate a bearer token with an expiration time for API calls. You have multiple alternatives, including Export Events and Export Stream Events, among others. The "Heavy Forwarder" server was what I used to execute these orders. The data can then be saved in a text file and parsed as desired.

You can also design the Add-On yourself, but then you're responsible for its maintenance and updates... so it's not worth it.
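The flow described in the post above (bearer token with an expiration time, an export call, events saved to a text file), sketched as an added example that is not part of the original post and not Symantec's or Splunk's code. The URLs are placeholders, and the way the OAuth key is sent, the `access_token`/`expires_in` fields (standard OAuth 2.0) and the `events` field are assumptions; the HTTP client is replaced by a constructed stand-in so the block runs offline.

```python
import json, os, time

# Assumptions (not from the post): both URLs are placeholders to be taken from
# the API docs; the token response uses the OAuth 2.0 fields access_token and
# expires_in; the export response carries a list under "events".
TOKEN_URL = "https://<api-host>/<token-path>"
EXPORT_URL = "https://<api-host>/<export-path>"

class BearerToken:
    """Caches the bearer token and renews it shortly before it expires."""
    def __init__(self, oauth_key, post, clock=time.time, skew=60):
        self.oauth_key, self.post, self.clock, self.skew = oauth_key, post, clock, skew
        self.value, self.expires_at = None, 0.0

    def get(self):
        # Renew `skew` seconds early so a long export never starts on a dying token.
        if self.value is None or self.clock() >= self.expires_at - self.skew:
            body = self.post(TOKEN_URL, {"Authorization": self.oauth_key}, None)
            self.value = body["access_token"]
            self.expires_at = self.clock() + int(body["expires_in"])
        return self.value

def export_events(token, post, query, out_path):
    """Requests events and appends them, one JSON object per line, to out_path."""
    body = post(EXPORT_URL, {"Authorization": "Bearer " + token.get()}, query)
    events = body.get("events", [])
    # Mode 0o600: the file holds security telemetry, readable by the forwarder account only.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        for event in events:
            fh.write(json.dumps(event, sort_keys=True) + "\n")
    return len(events)

def make_fake_post(lifetime=3600):
    """Constructed stand-in for the HTTP client; returns (post, call counters)."""
    calls = {"token": 0, "export": 0}
    def post(url, headers, payload):
        if url == TOKEN_URL:
            calls["token"] += 1
            return {"access_token": "tok-%d" % calls["token"], "expires_in": lifetime}
        calls["export"] += 1
        assert headers["Authorization"].startswith("Bearer tok-")
        return {"events": [{"id": calls["export"], "type": "constructed-sample"}]}
    return post, calls
```

In real use `post` would be a thin wrapper around an HTTPS client, and the output file would be the one the forwarder is configured to monitor.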