search cancel

Symantec SOC View TA 2.0 fails to retrieve access token from SES through HTTP Proxy

book

Article ID: 229830

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Symantec SOC View TA 2.0 fails to retrieve access token from Symantec Endpoint Security (SES) through HTTP Proxy

Environment

·        The on premise server running Splunk instance is behind a firewall with no access to outside network other than being routed via HTTP proxy

·        The Splunk instance with SOC View TA version 2.0 is also configured to use an HTTP proxy

Cause

One of the API used by 2.0 version of the Symantec SOC View TA to obtain an access token was not using proxy configuration and instead using default port 443

Since firewall was blocking port 443, the 2.0 version of the Symantec SOC View TA was unable to fetch SEP or Incident events without an access token

Resolution

BROADCOM resolved this issue in Symantec SOC View TA v2.1.

Please download and install the latest version of Symantec SOC View TA.