CloudSOC CASB Gateway

Expand all | Collapse all

Integration CloudSOC X SEP

  • 1.  Integration CloudSOC X SEP

    Posted 07-24-2020 09:06 AM
    Hi guys,


    Two days ago we carried out the integration of CloudSOC x SEP, configured the SEP policy and forwarded the logs to SpanVA that we already have and that houses other logs. we added a new data source in the clousoc syslog BSD protocol but the status is pending data. Is there any way to validate? what can be wrong?


    Thanks;


  • 2.  RE: Integration CloudSOC X SEP

    Broadcom Employee
    Posted 07-26-2020 08:02 PM
    Bruna,

    So long as it is in processing, it is processing. You will receive and error or a completion once it is finished. Unfortunately there isn't an easy way to look into the exact status.

    Thanks!
    Olin


  • 3.  RE: Integration CloudSOC X SEP

    Posted 07-27-2020 09:40 AM
    Olin,


    I made this configuration on 17-07, it's been 5 days since I got the error return. Do you have any idea what I can do?


  • 4.  RE: Integration CloudSOC X SEP

    Broadcom Employee
    Posted 07-27-2020 11:45 AM
      |   view attached
    Bruna,

    My apologies, I thought you said the status was "processing" and not "pending data". Pending data means that there isn't any data coming from the SEP end. Please check that you are sending data from SEP to CloudSOC. Can you upload a screenshot of the status page? As well as the details page? And a picture of the text box that appears when you hover over the status bubble? 

    One of the most common things to forget is on page 5 of the attached, adding the firewall rule to allow SEPM to send logs to CloudSOC.

    Thanks,
    Olin


  • 5.  RE: Integration CloudSOC X SEP

    Broadcom Employee
    Posted 07-28-2020 12:04 PM
    Bruna,

    Yes, this shows that CASB is not receiving anything from SEPM. It looks like you are trying to send directly and are not using SpanVA. Please make sure you are able to send to CloudSOC. You'll need to make sure the following IP addresses are whitelisted in your firewall:

    52.53.104.60

    52.8.70.133

    52.63.24.135

    52.63.14.84