Symantec Threat Intelligence
This article explains how to configure the Symantec Threat Intelligence premium intelligence source in the TruSTAR platform.
Symantec Threat Intelligence provides real-time information on any file hash, domain, or IP address. Information includes reputation, threat name, prevalence, age, industry, geography, and related indicators.
- Source Type: Premium Intelligence
- Update Type: Query-based
- Update Frequency: 15 minutes
- Parser: No
- Time to install: 45 minutes
Requirements
- A subscription to Symantec Threat Intelligence
- Symantec Threat Intel API Key
- A Station user account with the Company Administrator role
Getting Started
1. Ask your TruSTAR account manager (email: support@trustar.co) to create a private enclave named <yourcompany> Symantec Threat Intel.
2. Create a Service User Account in your Station Company Account with these permissions:
   a. View access for the Enclaves that store the indicators you intend to enrich with the Symantec intelligence source (usually your private enclaves, for example the phishing, Splunk Threat Activity, ServiceNow, and Resilient enclaves).
   b. Full access to the <yourcompany> Symantec Threat Intel enclave created in step 1.
3. Securely transfer the following information to your Symantec TI account manager:
   - API Key & Secret for the service user account created in step 2.
   - Enclave IDs to be enriched (step 2.a.).
   - Enclave ID for the <yourcompany> Symantec Threat Intel enclave (step 2.b.).
   - Credentials for a Symantec TI service user account.
Your Symantec TI account manager will notify you by email when the integration is activated.
FAQ
Q. How can I update my configurations?
A. Work with your Symantec TI account manager: threatintelsupport@broadcom.com
Known Issues
No reported issues.