Web Security Service

English

Integrate With CloudSOC (CASB)

Symantec
 provides two CASB integration solutions with the
Web Security Service
:
  • CASB Gatelets—Full
    WSS
     web security solution with enhanced web application from the CloudSOC service.
  • CASB Gateway—CASB-only solution where CloudSOC receives user identity and traffic from
    WSS
    .
After you obtain the CASB license, you must perform the task to integrate the
Web Security Service
 with the CloudSOC portal.
For more information about this integration, including currently known limitations, see About the CASB Integration.

Technical Requirements

  • When you purchase the CASB license, the admin on record receives an e-mail from
    Symantec
     that contains the
    Integration ID
    . You must have this ID to register. The Integration ID is
    not
     the same number as your
    WSS
     Subscription ID.
  • This procedure describes how to integrate with an existing CloudSOC portal account. If you have not onboarded CloudSOC, do so before continuing with this procedure.

Procedure

  1. Navigate to
    Account Configuration > Products & Licensing
    .
  2. In the
    Linked Products
     area, click
    CloudSOC CASB
    .
  3. Define the integration information.
    Elastica Audit company ID
    1. Enter your
      Company Domain
      .
    2. Enter the
      Integration ID
       sent you by Symantec.
    3. IMPORTANT
      —Select the appropriate
      Data Storage Location
       for your location. You cannot change this value after setup.
    4. Select how many
      Months of Data to Track
      . The current maximum is 3, which means you can view reports that contain data from at the most the three previous months.
    5. Click
      Save
      .

CASB Gatelets Solution Only

The following sub-sections apply only to the CASB Gatelets solution only. If you have the CASB Gateway solution, continue with the CloudSOC documentation topics.
Web Application Policy
As web traffic begins flowing through your network, you now have the ability to define granular block/allow and actions on the tens of thousands of detected web applications.
View CASB-Related Reports
As your
WSS
 account processes traffic, you can view specific reports that provide insight to web application traffic traversing your network.
Navigate to
Report Center
. The following reports contain reports enhanced by the CASB Audit Service.
  • Applications by User
  • Applications by Client IP
  • Blocked Web Applications
  • Web Application Actions
Add Reporting Users
WSS
 Administrators can add other users and designate them as Reporting Users. These users can only view reports; they cannot change configuration settings. When a Reporting User accesses the
Elastica
 Audit Service from the
WSS
 portal, the audit service uses the credentials to create a Reporting User role.
Add new users on the
Account Configuration > Administrators
 page.
For more information about roles, see:
Access the CASB Audit App
The top of
WSS
 portal has a drop-down arrow next to your Admin name. Select
Cloud App Audit
.
Elastica Link
When you click this link, the CloudSOC opens in a new browser tab.
The Dashboard displays high-level data. Click
Store
.
CASB Store
This is where you enable web applications and define domains and policies that are then sent to the
WSS
 portal and made available in policies.
To learn more about implementing web application configurations and monitoring user activities, consult the CloudSOC Help system and other relevant Symantec documentation.

Delete the CloudSOC Integration

You can delete the
WSS
/CloudSOC integration. Be advised that this might cause adverse issues with other components.
Symantec
 will provide best practices as they are developed.
Click
CASB CloudSOC
 in the
Linked Products
 area.
Click
Delete Integration
.