 Near-Real-Time Log Syncing

Broadcom Knight Mark Sutcliffe posted Apr 06, 2022 04:41 AM
Hi All,
I have a client that uses the instructions below to retrieve logs and ingest them into their SIEM:

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-security-service/help/wss-api/report-sync-about.html

But they find the process of handling the zip files, searching them and extracting the info cumbersome.

Are there any plans to change the way this is handled like using JSON?

Or are there any plans for more out-of-the-box apps for QRadar and Sentinel like there currently are for Splunk?

Thanks,
Mark
Broadcom Employee Bob Greska
Mark,
The Sync API downloads logs, and places them in a directory.  From there they can be used as needed.  The Splunk App is a tool that is "unsupported" by us, although it was made available some time ago.

As for a particular tool for QRadar or Sentinel, it is unlikely, but a field request can be made through the sales team.
As for JSON, there is nothing on the roadmap at this time; again, a field request can be made.
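
For the ZIP handling described in this thread, the following is an added example (not from either poster and not Broadcom code) that streams the members of a downloaded archive and emits one JSON object per log line for SIEM ingestion. It assumes, which the thread does not state, that each member is a space-delimited text log, optionally gzip-compressed, whose `#Fields:` header names the columns; the function names and the sample data are constructed for illustration.

```python
import csv
import gzip
import io
import json
import zipfile

def iter_records(archive):
    """Yield one dict per log line from a downloaded ZIP (path or file object)."""
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as probe:  # check gzip magic bytes, not the extension
                is_gzip = probe.read(2) == b"\x1f\x8b"
            stream = zf.open(info)
            if is_gzip:
                stream = gzip.open(stream)
            text = io.TextIOWrapper(stream, encoding="utf-8", errors="replace")
            fields = None
            for line in text:
                line = line.rstrip("\r\n")
                if line.startswith("#Fields:"):  # assumed header naming the columns
                    fields = line[len("#Fields:"):].split()
                elif not line or line.startswith("#"):
                    continue
                else:
                    values = next(csv.reader([line], delimiter=" ", quotechar='"'))
                    if fields and len(values) == len(fields):
                        yield dict(zip(fields, values), _member=info.filename)
                    else:
                        # Keep unparsable lines visible instead of dropping them.
                        yield {"_member": info.filename, "_raw": line}

def to_ndjson(archive):
    """Return newline-delimited JSON, a format most SIEM collectors accept."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in iter_records(archive))

def build_sample_archive():
    """Constructed sample: a ZIP holding one gzip-compressed and one plain log."""
    log = ('#Fields: date time c-ip cs-host sc-status cs(User-Agent)\n'
           '2022-04-06 04:41:00 192.0.2.10 example.com 200 "Mozilla/5.0 (X11; Linux)"\n'
           '2022-04-06 04:41:02 192.0.2.11 example.org 403 -\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("part1.log.gz", gzip.compress(log.encode()))
        zf.writestr("part2.log", "#Fields: date time\nbroken line with extra columns\n")
    buf.seek(0)
    return buf
```

Lines that do not match the header are emitted with a `_raw` key, so a format change shows up in the SIEM instead of silently losing events.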