Configure Symantec Broadcom Endpoint Security for Arctic Wolf monitoring

You can configure Symantec Broadcom Endpoint Security to send the necessary logs to Arctic Wolf for security monitoring.

Requirements

• One of these licenses from Symantec:
  • Symantec Endpoint Security Complete
  • Symantec Endpoint Security Enterprise
• Administrator permissions for the Symantec Security Cloud Portal.

Before you begin

• Configure your Symantec Endpoint Security account to either a hybrid or fully-cloud managed option. See the Symantec Security Endpoint documentation for more information.

Steps

1. Configure Symantec Broadcom SES.
2. Provide credentials to Arctic Wolf.

Step 1: Configure Symantec Broadcom SES

1. Sign in to the Symantec Security Cloud Portal as an administrator.

2. In navigation menu, click Integration > Client Applications.

3. On the Client Application Management page, save the Customer ID and Domain ID values. You will provide these values to Arctic Wolf later.

4. Click Add to add a new client application.

5. Enter a name for the client application, for example Arctic Wolf Monitoring, and then click Add.

6. In the Client Application Management Details window, set these privileges for your new application:

   • Devices — Under Group Management, click View.
   • Alerts & Events — In the Alerts & Events Rule Management section, click View.
   • Investigations — In the Incident and Incident Rules section, click View.
   • Policies — Under Policy Management, click View.

7. Click Save.

8. Click Client Secret > Copy to clipboard > OK to copy your OAuth secret. Save it in a safe, encrypted location. You will provide it to Arctic Wolf later..

Step 2: Provide credentials to Arctic Wolf

1. Sign in to the Arctic Wolf Unified Portal.

2. In the menu bar, click Telemetry Management > Connected Accounts.

3. Click Add Account +.

4. On the Add Account page, from the Account Type list, select Cloud Detection and Response.

5. From the list of cloud services, select Symantec Broadcom.

6. On the Add Account page, configure these settings:

   • Account Name — Enter a unique and descriptive name for the account.
   • Customer ID — Enter the value obtained in Configure Symantec Broadcom SES.
   • Domain ID — Enter the value obtained in Configure Symantec Broadcom SES.
   • OAuth credentials — Enter the appropriate value.
   • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

7. Click Test and Submit Credentials.

   After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.