Symantec SOC View TA 2.0 fails to retrieve access token from Symantec Endpoint Security (SES) through HTTP Proxy
· The on premise server running Splunk instance is behind a firewall with no access to outside network other than being routed via HTTP proxy
· The Splunk instance with SOC View TA version 2.0 is also configured to use an HTTP proxy
One of the API used by 2.0 version of the Symantec SOC View TA to obtain an access token was not using proxy configuration and instead using default port 443
Since firewall was blocking port 443, the 2.0 version of the Symantec SOC View TA was unable to fetch SEP or Incident events without an access token
BROADCOM resolved this issue in Symantec SOC View TA v2.1.
Please download and install the latest version of Symantec SOC View TA.