Configure Broadcom Symantec Endpoint Security for Arctic Wolf monitoring

You can configure Broadcom Symantec Endpoint Security® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

  • A Symantec Endpoint Security Complete license
  • Administrator permissions for the Symantec Security Cloud Portal

These actions are required:

Configure Broadcom Symantec Endpoint Security

  1. Sign in to the Symantec Security Cloud Portal as an administrator.
  2. In navigation menu, click Integration > Client Applications.
  3. On the Client Application Management page, save the Customer ID and Domain ID values to a safe, encrypted location to provide to Arctic Wolf later.
  4. Click Add to add a new client application.
  5. Enter a name for the client application, for example Arctic Wolf Monitoring, and then click Add.
  6. In the Client Application Management Details window, set these privileges for your new application:
    • Devices — Under Group Management, click View.
    • Alerts & Events — In the Alerts & Events Rule Management section, click View.
    • Investigations — In the Incident and Incident Rules section, click View.
    • Policies — Under Policy Management, click View.
  7. Click Save.
  8. Click Client Secret > Copy to clipboard > OK to copy your OAuth secret and save it to a safe, encrypted location to provide to Arctic Wolf later.

Provide Broadcom Symantec Endpoint Security credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Symantec Broadcom.
  5. Configure these settings:
  6. Click Test and submit credentials.