Symantec Threat Intelligence

Updated 2 years ago by Steven Chamales

This article explains how to configure the Symantec Threat Intelligence premium intelligence source in the TruSTAR platform.

Symantec Threat Intelligence provides real-time information on any file hash, domain, or IP address. Information includes reputation, threat name, prevalence, age, industry, geography, and related indicators. 

  • Source Type: Premium Intelligence
  • Update Type: Query-based
  • Update Frequency: 15 mins
  • Parser: no.
  • Time to install: 45 minutes


Getting Started

  1. Ask your TruSTAR account manager (e: to create a private enclave named <yourcompany> Symantec Threat Intel.
  2. Create a Service User Account in your Station Company Account with these permissions:
    1. View access for Enclaves that store indicators you intend to enrich with the Symantec intelligence source. (usually your private enclaves - ex: phishing, Splunk Threat Activity, Servicenow, Resilient enclaves)
    2. Full access to the <yourcompany> Symantec Threat Intel enclave created in step 1.
  3. Securely transfer the following information to your Symantec TI account manager:
  • API Key & Secret for the service user account created in Step 2.
  • Enclave IDs to be enriched. (step 2.a.)
  • Enclave ID for the <yourcompany> Symantec Threat Intel enclave. (step 2.b.)
  • Credentials for a Symantec TI service user account

Your Symantec TI account manager will notify you by email when integration is activated.


Q. How can I update my configurations?

A. Work with your Symantec TI account manager:

Known Issues

No reported issues.

Please contact your Symantec Threat Intel TAM for questions/issues with this integration.

How Did We Do?