Splunk SIEM using the Symantec WSS Transfer Agent seemingly failed and then eventually recovered.
The WSS Splunk app's modular input logs, written to $SPLUNK_HOME/etc/var/log/scwss/scwss-poll.log, showed the following errors:
ERROR 140501843720000 - 2021-12-05 03:51:59 status=error, msg='Server failed to fulfill the request', code='500'
ERROR 139975231018816 - 2021-12-05 04:02:48 status=error, msg='Server failed to fulfill the request', code='500'
ERROR 140010127738688 - 2021-12-05 04:23:15 status=error, msg='Server failed to fulfill the request', code='500'
Web Security Service
Near Real-Time Log SyncAPI
WSS App and add-on for Splunk
A 500 status code indicates a SyncAPI internal server error.
An internal Web Security Service error prevented the download. The client might need to wait a while before repeating the request.
All 500-level responses suggest that the client can repeat the last token when the service becomes available.
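The retry behaviour described above, as an added example that is not code from the WSS app or the SyncAPI: a poller that keeps the same token across 500-level responses and advances it only after a successful download, so no log records are skipped in the SIEM. The `fetch(token)` callable, the integer token, treating 200 as success, and the delay values are all assumptions made for illustration.

```python
import time

class SyncError(Exception):
    """Raised when a batch could not be downloaded; the token was not advanced."""

def poll_once(fetch, token, max_retries=5, base_delay=30.0, max_delay=600.0,
              sleep=time.sleep):
    """Download one batch, repeating the SAME token on any 5xx response.

    fetch(token) is a hypothetical callable returning
    (status_code, next_token, data). Returns (next_token, data, waits),
    where waits lists the delays slept before the request succeeded.
    """
    waits = []
    for attempt in range(max_retries + 1):
        status, next_token, data = fetch(token)
        if status == 200:
            # Only a successful response may move the cursor forward.
            return next_token, data, waits
        if 500 <= status <= 599:
            if attempt == max_retries:
                break
            # Wait a while, then repeat the request with the unchanged token.
            delay = min(base_delay * (2 ** attempt), max_delay)
            waits.append(delay)
            sleep(delay)
            continue
        raise SyncError(f"non-retryable status {status}; token not advanced")
    raise SyncError(f"still failing after {max_retries} retries; resume from same token")

def make_fake_service(statuses):
    """Constructed stand-in for the service: replays statuses, records tokens seen."""
    queue, seen = list(statuses), []
    def fetch(token):
        seen.append(token)
        status = queue.pop(0)
        if status == 200:
            return 200, token + 1, [f"record-for-{token}"]
        return status, None, None
    return fetch, seen

if __name__ == "__main__":
    # Constructed scenario mirroring the log above: failures, then recovery.
    fetch, seen = make_fake_service([500, 500, 200])
    nxt, data, waits = poll_once(fetch, 41, sleep=lambda s: None)
    print("tokens sent:", seen, "waits:", waits, "next token:", nxt)
```

If the retries are exhausted, persist the unchanged token and alert on the ingestion gap so the next run resumes from the same point.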