The Symantec SOC View App for Splunk gives Security Operations Analysts a cohesive view of the security posture of their network. This app provides business intelligence into the Symantec Integrated Cyber Defence Exchange (ICDx) data, which is a combination of multiple Symantec products deployed in your network.
The Technology Add-on (TA) helps in mapping and extracting various attributes of ICDx event types. The extractions include mapping to Common Information Model (CIM) data models as well. You can then use the extractions to populate various panels of dashboards in the SOC View App.
This document provides the overall specifications for the SOC View App and TA for Splunk built for Symantec, Inc. It contains details for installing, configuring, and troubleshooting the app and TA.
The SOC View App and TA are supported on the following versions of Splunk:
7.0.x
7.1.x
7.2.1
The SOC View App and TA are supported on the following versions of the Symantec ICDx product:
1.1.0 and later
The SOC View App requires installation of the SOC View TA.