Install both TA-SymantecWebSecurityService and SymantecWebSecurityService applications
Log into Splunk. Go to Apps>Manage Apps and click on Install app from a file.
Upload “SymantecWebSecurityService-S16-1.0.0-17.tar.gz” and “TA-SymantecWebSecurityService-S16-1.1.1-34.tar.gz”
Log in to the WSS portal and add the Application Programming Interface (API) key
Navigate to Account Configuration > API Credentials
Click Add API Credentials. The WSS displays the New API Credential dialog, which contains the random characters Username and Password.
Check the boxes for "Reporting Access Logs" and "Audit Logs"
Complete setup for TA, on Splunk, go to Go to Settings > Data inputs
Find “Symantec Web Security Service” and click on “+ Add new”
- Name: Name of input - API User Name: User to connect to threat pulse portal. The one you created earlier in step 5 - API Key: password for API from threat pulse portal (step 5) - Data collection start time - Click on “more Settings:
Make sure source type is set to “manual and “source type” is: symantec:websecurityservice:scwss-poll
Click on “next” and “start searching” or Click on to see all dashboards >Apps>Symantec Web Security Service App For Splunk for real-time data monitoring