Symantec Threat Intelligence

Updated 10 months ago by Steven Chamales

This article explains how to configure the Symantec Threat Intelligence premium intelligence source in the TruSTAR platform.

Symantec Threat Intelligence provides real-time information on any file hash, domain, or IP address. Information includes reputation, threat name, prevalence, age, industry, geography, and related indicators. 

  • Source Type: Premium Intelligence
  • Update Type: Query-based
  • Update Frequency: 15 mins
  • Parser: no.
  • Time to install: 45 minutes


Getting Started

  1. Ask your TruSTAR account manager (e: to create a private enclave named <yourcompany> Symantec Threat Intel.
  2. Create a Service User Account in your Station Company Account with these permissions:
    1. View access for Enclaves that store indicators you intend to enrich with the Symantec intelligence source. (usually your private enclaves - ex: phishing, Splunk Threat Activity, Servicenow, Resilient enclaves)
    2. Full access to the <yourcompany> Symantec Threat Intel enclave created in step 1.
  3. Securely transfer the following information to your Symantec TI account manager:
  • API Key & Secret for the service user account created in Step 2.
  • Enclave IDs to be enriched. (step 2.a.)
  • Enclave ID for the <yourcompany> Symantec Threat Intel enclave. (step 2.b.)
  • Credentials for a Symantec TI service user account

Your Symantec TI account manager will notify you by email when integration is activated.


Q. How can I update my configurations?

A. Work with your Symantec TI account manager:

Known Issues

No reported issues.

Please contact your Symantec Threat Intel TAM for questions/issues with this integration.

How Did We Do?