How to utilize the Cloud SWG (previously known as: WSS) App for Splunk?
The Symantec WSS App for Splunk collects, normalizes, and visualizes real-time data through API calls. The App uses Splunk's Technology Add-on feature so that users can import their WSS access logs into Splunk.
Please refer to the WSS Splunk App page and the WSS Splunk App documentation for more details. You can also review the README.txt inside the .tar file for installation, configuration, troubleshooting, and log files.
Customers can also download WSS access logs using scripting or other SIEM applications.
Please refer to the "Use the Cloud SWG Sync API to Get Near Real-Time Log Data" documentation for proper implementation.
For further troubleshooting, if you need to test whether Cloud SWG/WSS is responding to API calls, please use curl to test downloading a log from your WSS
Please note: The Splunk Apps are freely downloadable and editable. As such, they are unsupported by and are provided to assist with Splunk integration efforts.