Symantec WSS Cloud Connector
Broadcom’s Symantec Web Security Service (WSS) is a cloud-delivered network security service that protects enterprises from cyberattacks and advanced threats using a proxy architecture that terminates, inspects, and controls high volumes of web and cloud traffic. Symantec WSS secures data, provides prevention and protection against threats, and enables enterprises to control access to ensure secure and compliant use of cloud applications. For more information, see the product information.
Prerequisites to Configure the Symantec WSS Cloud Connector
Before you configure the Symantec WSS connector, you must obtain the user API key, also known as the API credentials.
Obtain the User API Key
Symantec WSS APIs are authenticated via application keys. You must obtain the user API key to configure the Symantec WSS connector.
To obtain the user API key:
1. Log in to the Symantec WSS console as an administrator.
2. Navigate to Service mode > Account Maintenance > Integrations.
3. Click New Integration.
4. Click API Credentials.

The New API Credentials dialog box displays values for username and password, represented by letters and numbers. Note the values to use while configuring the Symantec WSS Connector on the Exabeam Cloud Connector platform. For more information, see the “Create a User API Key” section of the Symantec Near Real-Time Log Sync Solution Brief guide.
Understand Symantec WSS Log Events
The Exabeam cloud connector classifies Symantec WSS log events into three types so that they can be filtered when pulled from the Symantec WSS data source: informational events, connection failure events, and security related events.

- Informational events – Connection events that are passed without any issue by Symantec WSS.
- Connection failure events – Events that include connection attempts that are reset, failed, or rejected by Symantec WSS.
- Security related events – Events that include:
  - URLs classified as threat risk by Symantec WSS
  - Client environment that is identified as a risk based on Symantec WSS compliance policy
  - Connection that Symantec WSS identified for Data Loss Prevention (DLP) to check whether a data leak has occurred, according to the ICAP response
  - Connection in which Symantec WSS identified malware
  - Connection for which access is denied based on Symantec WSS compliance policy
By default, Exabeam ingests all events pulled by Symantec WSS. During the configuration of the Symantec WSS Cloud Connector, you can choose to filter events that Symantec WSS pulls from a data source. This includes filtering for traffic events, security related events, or connection failure events.
If you want Symantec WSS to pull all the events including security related events, select Yes for normal/informational traffic events and connection failure events. The security related events are included with these events.
If you want Symantec WSS to pull only security related events, select Yes for security related events or select No for normal/informational traffic events and connection failure events.
Configure the Symantec WSS Cloud Connector
The following table displays audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Events Included |
---|---|---|
SyncAPI | Secure web gateway access logs |
To configure the Symantec WSS Cloud Connector to import data into the Exabeam Cloud Connector platform:
1. Complete the Prerequisites to Configure the Symantec WSS Cloud Connector.
2. Log in to the Exabeam Cloud Connectors platform with your registered credentials.
3. Navigate to Settings > Accounts > Add Account.
4. Click Select Service to Add, then select Symantec WSS from the list.
5. In the Accounts section, enter the required information. Required fields are indicated with a red bar.
   - Tenant – Select a tenant to attach to the connector if you are using a multi-tenant edition of Exabeam. Otherwise, select default.
   - Account Name – Specify a name for the Symantec WSS connector. For example, Corporate Web Security Service.
   - Description – (Optional) Describe the Symantec WSS connector. For example, Symantec WSS cloud-delivered network security service.
   - User – Enter the value for the username that you obtained while completing prerequisites.
   - Password – Enter the value for the password that you obtained while completing prerequisites.

   Note: For more information about Symantec WSS log events, see Understand Symantec WSS Log Events.

   - Allow Filtering – By default (No), the connector does not apply any filtering and pulls all events. This enables Exabeam to handle high-volume environments. When filtering is disabled, the filter configurations that follow are also disabled. Select Yes if you want to use the event filters below to pull a smaller subset of events.
   - Pull Normal/Information Traffic Events – Select Yes if you want Symantec WSS to pull informational traffic events.
   - Pull Connection Failure Events – Select Yes if you want Symantec WSS to pull the connection failure events.
   - Pull Security Related Events – Select Yes if you want Symantec WSS to pull only a subset of all the events (the security related events) and select No for normal/informational events and connection failure events.
6. To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
7. Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
8. To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.