The Symantec SOC View App for Splunk gives Security Operations Analysts a cohesive view of the security posture of their network. This app provides business intelligence into the Symantec Integrated Cyber Defence Exchange (ICDx) data, which is a combination of data from multiple Symantec products deployed in your network.
The Technology Add-on (TA) helps in mapping and extracting various attributes of ICDx event types. The extractions include mapping to Common Information Model (CIM) data models as well. You can then use the extractions to populate various panels of dashboards in the SOC View App. This document provides the overall specifications for the SOC View App and TA for Splunk built for Symantec, Inc. It contains details for installing, configuring, and troubleshooting the app and TA.
The SOC View App and TA are supported on the following versions of Splunk:
• 7.0.x
• 7.1.x
• 7.2.1
The SOC View App and TA are supported on the following versions of the Symantec ICDx product:
• 1.2.0
• 1.1.0