SIEM integration with Web Security Service

book

Article ID: 171280

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

You have a SIEM that needs to analyze log files from Web Security Service (WSS).

Environment

Web Security Service

Resolution

 There is a REST API that can be used to integrate your SIEM with WSS.

  1. Create the API Key on WSS (Web Security Service: Near Real-Time Log Sync Brief)

  2. Once the API Key is generated, WSS provides the API method for the SIEM to download logs from WSS. The SIEM tools need to pull those logs via HTTPS and with the configured API Key.

  3. You need to involve your SIEM administrator to help you to consume the logs downloaded via SyncAPI. Symantec's technical support only provides the API Key and interface to download the logs.

Attachments

PDF_SyncAPI.pdf get_app