Skip to main content

Symantec CloudSOC Event Collector

This Integration is part of the SymantecCloudSOC Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Gets Events from Symantec CloudSOC. This integration was integrated and tested with version 3.157 of Symantec CloudSOC.

Configure Symantec Cloud SOC Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Configurations > Data Collection > Automation & Feed Integrations.

  2. Search for Symantec Cloud SOC Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    Server URL (e.g.,
    Key IDTrue
    Key SecretTrue
    First fetch timeFalse
    Maximum number of incidents per fetchFalse
  4. Click Test to validate the URLs, token, and connection.

Symantec CloudSOC Event Collector collects the following event types:

  • Investigate logs
  • Detect incidents logs

API Limitations#

You cannot retrieve investigate logs that are older than 180 days. Therefore, if setting a first fetch that is more than 180 days, for investigate logs it will be a maximum of 180 days.


You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Gets events from Symantec CloudSOC.

Base Command#



Argument NameDescriptionRequired
should_push_eventsIf true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false.Required
limitMaximum number of results to return. Default is 1000.Optional

Context Output#

There is no context output for this command.