Symantec Endpoint Security (New pack) (#36694)

* folder structure * commit * commit * continue development * continue development * Add UTs * Add UT and add docstring for some functions and update Docker * pre-commit * add docstring * add UT and fix filter_duplicate_events function * add UTs * change the Client Secret to Token * add image * commit * add UTs * commit * commit * add UT * autopep8 * commit * more changes * commit * commit * corrections * commit end * update Docker and add UT * some comment corrections * some comment corrections * fix UTs * generated docs * comment corrections * comment corrections * Apply suggestions from code review docs review Co-authored-by: ShirleyDenkberg <[email protected]> * add link for more information to obtain the Token parameter * commit * ruff fix * change the test-module command * remove UT un-necessary * commit * comment corrections * comment corrections * comment correction --------- Co-authored-by: ShirleyDenkberg <[email protected]>
demisto · Nov 14, 2024 · ca114ad · ca114ad
1 parent 490678a
commit ca114ad
Show file tree

Hide file tree

Showing 10 changed files with 946 additions and 0 deletions.
diff --git a/Packs/SymantecEndpointSecurity/.pack-ignore b/Packs/SymantecEndpointSecurity/.pack-ignore
diff --git a/Packs/SymantecEndpointSecurity/.secrets-ignore b/Packs/SymantecEndpointSecurity/.secrets-ignore
diff --git a/Packs/SymantecEndpointSecurity/Integrations/SymantecEndpointSecurity/README.md b/Packs/SymantecEndpointSecurity/Integrations/SymantecEndpointSecurity/README.md
@@ -0,0 +1,38 @@
+Symantec Endpoint Security Event Collector for Cortex XSIAM.
+
+## Configure Symantec Endpoint Security on Cortex XSIAM
+
+1. Navigate to Settings > Configurations > Data Collection > Automations & Feed Integrations.
+2. Search for Symantec Endpoint Security.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Required** |
+    | --- | --- |
+    | Server URL | True |
+    | OAuth credential | True |
+    | Stream ID | True |
+    | Channel ID | True |
+    | Fetch interval in seconds | True |
+    | Use system proxy settings | False |
+    | Trust any certificate (not secure) | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+
+### To generate a token for the ***Token*** parameter:
+
+1. Log in to the Symantec Endpoint Security console.
+2. Click **Integration** > **Client Applications**.
+3. Choose `Add Client Application`.
+4. Choose a name for the application, then click `Add`. The client application details screen will appear.
+5. Click `⋮` and select `Client Secret`.
+6. Click the ellipsis and select **Client Secret**.
+7. Click the `copy` icon next to `OAuth Credentials`.
+
+For more information on obtaining *OAuth Credentials*, refer to [this documentation](https://apidocs.securitycloud.symantec.com/#/doc?id=ses_auth) or watch [this video](https://youtu.be/d7LRygRfDLc?si=NNlERXtfzv4LjpsB).
+
+**Note:** 
+
+- No need to generate the bearer token, the integration uses the provided `OAuth Credentials` to generate one.
+- The `test_module` test checks only the validity of the `OAuth credential` parameter and does not validate the `Channel ID` and `Stream ID` parameters.
+- Fetching events that occurred at a specific time may be delayed due to delays in event ingestion on Symantec's side.