CloudSOC CASB Gateway

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;

Bruna,

So long as it is in processing, it is processing. You will receive and error or a completion once it is finished. Unfortunately there isn't an easy way to look into the exact status.

Thanks!
Olin
Original Message:
Sent: 07-24-2020 09:05 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;

Olin,


I made this configuration on 17-07, it's been 5 days since I got the error return. Do you have any idea what I can do?
Original Message:
Sent: 07-24-2020 11:00 AM
From: Olin Basinger
Subject: Integration CloudSOC X SEP

Bruna,

So long as it is in processing, it is processing. You will receive and error or a completion once it is finished. Unfortunately there isn't an easy way to look into the exact status.

Thanks!
Olin
Original Message:
Sent: 07-24-2020 09:05 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;

Bruna,

My apologies, I thought you said the status was "processing" and not "pending data". Pending data means that there isn't any data coming from the SEP end. Please check that you are sending data from SEP to CloudSOC. Can you upload a screenshot of the status page? As well as the details page? And a picture of the text box that appears when you hover over the status bubble? 

One of the most common things to forget is on page 5 of the attached, adding the firewall rule to allow SEPM to send logs to CloudSOC.

Thanks,
Olin
Original Message:
Sent: 07-27-2020 09:40 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Olin,


I made this configuration on 17-07, it's been 5 days since I got the error return. Do you have any idea what I can do?
Original Message:
Sent: 07-24-2020 11:00 AM
From: Olin Basinger
Subject: Integration CloudSOC X SEP

Bruna,

So long as it is in processing, it is processing. You will receive and error or a completion once it is finished. Unfortunately there isn't an easy way to look into the exact status.

Thanks!
Olin
Original Message:
Sent: 07-24-2020 09:05 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;

Bruna,

Yes, this shows that CASB is not receiving anything from SEPM. It looks like you are trying to send directly and are not using SpanVA. Please make sure you are able to send to CloudSOC. You'll need to make sure the following IP addresses are whitelisted in your firewall:

52.53.104.60

52.8.70.133

52.63.24.135

52.63.14.84

Original Message:
Sent: 07-27-2020 11:45 AM
From: Olin Basinger
Subject: Integration CloudSOC X SEP

Bruna,

My apologies, I thought you said the status was "processing" and not "pending data". Pending data means that there isn't any data coming from the SEP end. Please check that you are sending data from SEP to CloudSOC. Can you upload a screenshot of the status page? As well as the details page? And a picture of the text box that appears when you hover over the status bubble?

One of the most common things to forget is on page 5 of the attached, adding the firewall rule to allow SEPM to send logs to CloudSOC.

Thanks,
Olin
Original Message:
Sent: 07-27-2020 09:40 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Olin,


I made this configuration on 17-07, it's been 5 days since I got the error return. Do you have any idea what I can do?
Original Message:
Sent: 07-24-2020 11:00 AM
From: Olin Basinger
Subject: Integration CloudSOC X SEP

Bruna,

So long as it is in processing, it is processing. You will receive and error or a completion once it is finished. Unfortunately there isn't an easy way to look into the exact status.

Thanks!
Olin
Original Message:
Sent: 07-24-2020 09:05 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;

Please, take a look at my recent post:
https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?GroupId=2791&MessageKey=9792238b-7944-467e-aad2-235c8a14bec1&CommunityKey=6b86e47e-31d4-4898-95b2-d3e8a135b59d&tab=digestviewer

Could be that you also have a problem with outdated configuration for flex, for SEPM.

V.

------------------------------
Net++ technology d.o.o.
------------------------------

Original Message:
Sent: 07-24-2020 09:05 AM
From: bruna rodrigues
Subject: Integration CloudSOC X SEP

Hi guys,


Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


Thanks;