Providing Symantec Broadcom Endpoint Security (SES) Credentials to Arctic Wolf

Overview Direct link to this section

This document describes how to retrieve the credentials that Arctic Wolf® needs to monitor Symantec Broadcom Endpoint Security (SES). After you complete this configuration, Arctic Wolf can monitor logs from your Symantec Broadcom SES environment.

As part of this configuration, you must provide the following information about your Symantec Broadcom SES configuration to Arctic Wolf:

• Customer ID
• Domain ID
• OAuth credentials

Before you begin Direct link to this section

Before you configure Symantec Broadcom SES, you must have:

• One of these licenses from Symantec:
  • Symantec Endpoint Security Complete
  • Symantec Endpoint Security Enterprise
• Configured your Symantec Endpoint Security account to either a hybrid or fully-cloud managed option. For more information about configuring your Symantec Endpoint Security account, see the Symantec Security Endpoint documentation.
• Administrator access to the Symantec Security Cloud Portal.

Configure Symantec Broadcom SES Direct link to this section

To configure Symantec Broadcom SES:

1. Sign in to the Symantec Security Cloud Portal as an administrator.

2. From the side navigation menu, click Integration > Client Applications.

3. On the Client Application Management screen, record the Customer ID and Domain ID values to provide to Arctic Wolf later.

4. Click Add to add a new client application. Enter a name for the client application, for example Arctic Wolf Monitoring, and then click Add.

5. In the Client Application Management Details window, set these privileges for your new application:

   • Devices — Under Group Management, select View.
   • Alerts & Events — Under Alerts & Events Rule Management, select View.
   • Investigations — Under Incident and Incident Rules, select View.
   • Policies — Under Policy Management, select View.

6. Click Save.

7. To retrieve your OAuth credentials, click Client Secret > Copy to clipboard > OK to provide to Arctic Wolf later.

8. Proceed to Provide credentials to Arctic Wolf.

Provide credentials to Arctic Wolf Direct link to this section

To provide your cloud application details to Arctic Wolf on the Arctic Wolf Portal:

1. Sign in to the Arctic Wolf Portal.

2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

   

3. Select +Add Account to open the Add Account form.

4. Select Cloud Detection and Response as the Account Type.

5. Select Symantec Broadcom and fill in the following fields:

   • Account Name
   • Customer ID
   • Domain ID
   • OAuth credentials

6. Select Submit to CST.

7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.