Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About nikatsam
nikatsam
Explorer
Member since:
08-03-2014
04-07-2025
Community Statistics
| Posts | 5 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-03-2014 |
Activity Feed
- Posted Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:26 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:21 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:21 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:21 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:21 AM
- Posted Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:20 AM
- Posted Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:10 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:10 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:10 AM
- Tagged Re: TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:10 AM
- Posted TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:00 AM
- Tagged TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:00 AM
- Tagged TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:00 AM
- Tagged TA-SymantecWebSecurityService not working properly scwss-poll on All Apps and Add-ons. 05-27-2021 01:00 AM
- Posted How to check for compatibility with TA Microsoft Defender ATP Add-on (version 7.0 & 7.1) when running a lower version of Splunk Cloud? on All Apps and Add-ons. 05-25-2020 03:58 AM
- Tagged How to check for compatibility with TA Microsoft Defender ATP Add-on (version 7.0 & 7.1) when running a lower version of Splunk Cloud? on All Apps and Add-ons. 05-25-2020 03:58 AM
- Tagged How to check for compatibility with TA Microsoft Defender ATP Add-on (version 7.0 & 7.1) when running a lower version of Splunk Cloud? on All Apps and Add-ons. 05-25-2020 03:58 AM
- Tagged How to check for compatibility with TA Microsoft Defender ATP Add-on (version 7.0 & 7.1) when running a lower version of Splunk Cloud? on All Apps and Add-ons. 05-25-2020 03:58 AM
- Tagged How to check for compatibility with TA Microsoft Defender ATP Add-on (version 7.0 & 7.1) when running a lower version of Splunk Cloud? on All Apps and Add-ons. 05-25-2020 03:58 AM
Topics I've Started
05-27-2021
01:26 AM
for problem A) the app is looking for admin user so in a cloud environment make sure to ask support to validate permissions. i.e. allow sc_admin to write to the app.
... View more
05-27-2021
01:20 AM
on an additional note, modifying in $SPLUNKDIR/etc/apps/TA-SymantecWebSecurityService/bin logger_manager.py logfile = make_splunkhome_path(["var", "log", "scwss", "%s.log" % log_name]) logdir = os.path.dirname(logfile) to splunk will allow you to ingest the scwss-poll.log generated by the scwss-poll.py script in _internal as the current set up may fail to pull the log file unless you add a new file monitor on the scwss dir.
... View more
05-27-2021
01:10 AM
in the 2.0.0 version of the TA there is a Readme folder that explains the input.conf stanza. also keep in mind you need to hardcode the index in inputs.conf in the README folder the inputs.conf.spec shows all parameters that can be configured in inputs.conf [scwss-poll://<name>] apiusername = <value> *Cloud-driven Web Security Service API Username apikey = <value> *Cloud-driven Web Security Service API Key start_time = <value> *Data-collection start-time * HTTPS proxy server address https_proxy = <value> * HTTPS proxy server port https_proxy_port = <value> * HTTPS proxy server username https_proxy_username = <value> * HTTPS proxy server password https_proxy_password = <value> python.version = <value> the default or LOCAL inputs.conf contains: ***** please note index needs hardcoded in inputs.conf as index="wss" or logs end up in main**** [scwss-poll] interval = 3600 sourcetype = symantec:websecurityservice:scwss-poll python.version = python3 [batch://$SPLUNK_HOME/var/spool/splunk/...stash_ta_scwss_logs.zip] index=wss sourcetype = symantec:websecurityservice:scwss-poll move_policy = sinkhole [batch://$SPLUNK_HOME\var\spool\splunk\...stash_ta_scwss_logs.zip] sourcetype = symantec:websecurityservice:scwss-poll move_policy = sinkhole So what would a Complete stanza look like? i.e. hardcoded to /TA-SymantecWebSecurityService/default/inputs.conf [scwss-poll://<name>] interval = 3600 sourcetype = symantec:websecurityservice:scwss-poll python.version = python3 apiusername = <value> *Cloud-driven Web Security Service API Username apikey = <value> *Cloud-driven Web Security Service API Key start_time = <value> *Data-collection start-time * HTTPS proxy server address https_proxy = <value> * HTTPS proxy server port https_proxy_port = <value> * HTTPS proxy server username https_proxy_username = <value> * HTTPS proxy server password https_proxy_password = <value> [batch://$SPLUNK_HOME/var/spool/splunk/...stash_ta_scwss_logs.zip] index=wss sourcetype = symantec:websecurityservice:scwss-poll move_policy = sinkhole
... View more
05-27-2021
01:00 AM
WSS input is unresponsive. A) getting socket errors when connnecting to localhost scwss-poll B) submitting input XML form with input name/credentials to API - not working - throwing error from splunkd as unresponsive.
... View more
Labels
05-25-2020
03:58 AM
Hello,
As we are running a lower version of Splunk Cloud instance, can we get the TA checked for compatibility for 7.0 and 7.1?
Are there any known issues of compatibility for those earlier versions?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-07-2025
12:25 PM
|
