Configuring Broadcom (Blue Coat / Symantec) WSS Connectors
The Broadcom (Blue Coat / Symantec) Web Security Services (WSS) connector allows you to collect data from external sources and add the reports to the Stellar Cyber data lake.
Connector Overview: Broadcom (Blue Coat / Symantec) WSS
Capabilities
-
Collect: Yes
-
Respond: No
-
Native Alerts Mapped: No
-
Runs on: DP
-
Interval: 5 minutes
Collected Data
Content Type |
Index |
Locating Records |
---|---|---|
Log |
Syslog |
Domain
https://portal.threatpulse.com |
Response Actions
N/A
Third Party Native Alert Integration Details
N/A
Required Credentials
-
API Username and API Password
Let us know if you find the above overview useful.
Adding a Broadcom (Blue Coat / Symantec) WSS Connector
To add a Broadcom (Blue Coat / Symantec) WSS connector:
Adding the Connector in Stellar Cyber
With the configuration information handy, you can add the Broadcom (Blue Coat / Symantec) WSS connector in Stellar Cyber:
-
Log in to Stellar Cyber.
-
Click System | Integration | Connectors. The Connector Overview appears.
-
Click Create. The General tab of the Add Connector screen appears. The information on this tab cannot be changed after you add the connector.
The asterisk (*) indicates a required field.
-
Choose Web Security from the Category drop-down.
-
Choose Broadcom (Blue Coat / Symantec) WSS from the Type drop-down.
-
For this connector, the supported Function is Collect, which is enabled already.
-
Enter a Name.
This field does not accept multibyte characters.
-
Choose a Tenant Name. The Interflow records created by this connector include this tenant name.
-
Choose the device on which to run the connector .
-
(Optional) When the Function is Collect, you can create Log Filters. For information, see Managing Log Filters.
-
Click Next. The Configuration tab appears.
The asterisk (*) indicates a required field.
-
Enter the API Username.
-
Enter the API Password.
-
Choose the Content Type you would like to collect. The logs for Log are supported.
-
Click Next. The final confirmation tab appears.
-
Click Submit.
To pull data, a connector must be added to a Data Analyzer profile if it is running on the Data Processor.
The new connector is immediately active.
Testing the Connector
When you add (or edit) a connector, we recommend that you run a test to validate the connectivity parameters you entered. (The test validates only the authentication / connectivity; it does not validate data flow).
For connectors running on a sensor, Stellar Cyber recommends that you allow 30-60 seconds for new or modified configuration details to be propagated to the sensor before performing a test.
-
Click System | Integrations | Connectors. The Connector Overview appears.
-
Locate the connector that you added, or modified, or that you want to test.
-
Click Test at the right side of that row. The test runs immediately.
Note that you may run only one test at a time.
Stellar Cyber conducts a basic connectivity test for the connector and reports a success or failure result. A successful test indicates that you entered all of the connector information correctly.
To aid troubleshooting your connector, the dialog remains open until you explicitly close it by using the X button. If the test fails, you can select the button from the same row to review and correct issues.
The connector status is updated every five (5) minutes. A successful test clears the connector status, but if issues persist, the status reverts to failed after a minute.
Repeat the test as needed.
Verifying Ingestion
To verify ingestion:
- Click Investigate | Threat Hunting. The Interflow Search tab appears.
- Change the Indices to Syslog. The table immediately updates to show ingested Interflow records.