No new data has been received for the following ProxySG datasource

Article ID: 258904

Products

CASB Audit, CASB Security Premium, CASB Security Standard, CASB Securlet SAAS, CASB Security Advanced

Issue/Introduction

A ProxySG datasource was configured to upload logs over HTTPS through SpanVA to CloudSOC.

Logs had been uploaded and processed successfully in CloudSOC Audit for about a year.

Contacts configured in the CloudSOC datasource receive an email, similar to the one below, stating that no new data has been received.

Dear Admin,

This is to notify that no new data has been received for the following datasources:

ID: 5e0exxxxxxxxxxxxxxxxxxx
Name: SpanVA
Log Transport: Agent
Tenant: example.com
No. of days: 1

Preliminary Investigation in SpanVA:

Upper left corner: SpanVA shows Active / green, connected to CloudSOC.

Diagnostics tab: click "Generate Diagnostics". All items are green.

Certificates tab / Server: the active server certificate expired recently.

Resolution

The SpanVA active server certificate expired, leaving the ProxySG datasource unable to upload logs to SpanVA.

Follow this Tech Doc to create a new self-signed server certificate using the OpenSSL utility on Windows or Linux:

Note: When prompted for an FQDN or IP address during SSL certificate creation, it is recommended to use SpanVA's IP address.

(As of 02/01/23, using an FQDN may not work.)

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/spanva-home/managing-the-spanva-instance/configuring-spanva-with-a-self-signed-certificate.html

Upload the new SpanVA server certificate to ProxySG by following this Tech Doc:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/audit-home/proxy-sg-home/configuring-https-file-transfer-via-spanva.html

The ProxySG admin can check whether the handshake completes, perform a test upload to SpanVA, view a traffic capture, and determine whether logs are being sent to SpanVA successfully.

Once new logs are confirmed as being sent from ProxySG, allow sufficient time to pass (perhaps 5-10 minutes), then open the SpanVA "Monitoring" tab, scroll to the bottom, and look for new logs being received from the datasource.

Logs passing from SpanVA to CloudSOC, being processed there, and appearing in CloudSOC Audit may take up to 6 hours to process.
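
Because SpanVA stayed green while its server certificate had already expired, a scheduled expiry check on that certificate gives earlier warning than the "no new data" email. The script below is an added example, not part of the Broadcom documentation; the function names are hypothetical, the openssl command-line tool is assumed to be installed, and the host and port for the fetch helper are supplied by the caller.

```shell
#!/bin/sh
# Added example: classify a server certificate by its remaining validity.

# cert_state <pem-file> [warn_days]
# Prints: ok | expiring | expired | unreadable
# Exit status: 0 = ok, 1 = expiring or expired, 2 = unreadable
cert_state() {
    pem=$1
    warn_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
        return 1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring
        return 1
    fi
    echo ok
}

# cert_not_after <pem-file>
# Prints the notAfter date so it can be included in an alert message.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2
}

# fetch_server_cert <host> <port> <out-file>
# Saves the certificate a TLS listener currently presents, for use with
# cert_state. The listener address is whatever ProxySG uploads to.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$3"
}
```

Run `cert_state` from cron against the saved certificate and alert on any non-zero exit status, so the certificate can be replaced and re-uploaded to ProxySG before uploads stop.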

Additional Information

Using an FQDN when creating SpanVA self-signed server certificates will be tested, and any issue found will be addressed in the next SpanVA version.