SIEM integration with Cloud SWG (aka WSS)


Article ID: 171280


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You have a SIEM that needs to analyze log files from Cloud SWG (aka WSS).

Resolution

 There is a REST API that can be used to integrate your SIEM with Cloud SWG.

  1. Create the API Key on the Cloud SWG portal.

    Implement the Sync API for Log Syncing

  2. Once the API Key is generated, WSS provides the API method that the SIEM uses to download logs from Cloud SWG. The SIEM tool needs to pull those logs over HTTPS, using the configured API Key.

  3. Involve your SIEM administrator to help you consume the logs downloaded via the Sync API. Symantec's technical support only provides the API Key and the interface to download the logs.

Attachments

1681291118441__PDF_SyncAPI_2020.pdf