This is the right code for you if you're planning on issuing EDR commands from XSOAR via calling endpoints of https://api.sep.securitycloud.symantec.com
Note
see corresponding vendor documentation under https://apidocs.securitycloud.symantec.com/ > "Symantec™ Endpoint Security (SES)"; so not the other Symantec EDR variant (which is hosted on prem, exposing API endpoints containing /atpapi/) (the structure/routes of those APIs are NOT identical/closely related/easily interchangeable)
the non-cloud equivalent would be: https://github.com/demisto/content/tree/master/Packs/SymantecEDR/Integrations/SymantecEDR
When creating a new instance of this integration, you'll need to provide the following required parameters:
- a target URL where the API routes are hosted (
https://api.sep.securitycloud.symantec.comby default) - an OAuth client token
Tip
I had to prepend the OAuth token with Basic to make it work
Warning
you're getting 403's when testing an instance and you're sure it's not the creds?
- you might have to switch your config to a more specific subdomain depending on your location, e.g.
https://api.sep.eu.securitycloud.symantec.cominstead ofhttps://api.sep.securitycloud.symantec.com - the reason for the 403's is that the Python
requestslibrary strips auth headers on redirects to prevent leakage, so once your requests arrive at their destination, they're unauthenticated - if you're unsure what subdomain you need and can't figure it out by trial and error, it might make sense to either debug with curl (outside of XSOAR) or override
requestsfunctionality so that the prepared requests (containing the target host you're being redirected to) during redirects are emitted to a debug log
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent