Security Information and Event Management (SIEM) integration
Administrator Help | TRITON AP-EMAIL | Version 8.2.x
Third-party security information and event management (SIEM) tools allow the logging and analysis of internal alerts generated by network devices and software. Integration with SIEM technology allows the transfer of message activity events to a SIEM server for analysis and reporting.
Access SIEM integration settings on the Settings > General > SIEM Integration page. Mark the Enable SIEM integration check box to activate SIEM integration functions.
After you enable SIEM integration, use the following steps to configure the SIEM server and transport protocol:
1.
2.
3. Select the protocol used for data transport, either UDP or TCP. User Datagram Protocol (UDP) is a transport layer protocol in the Internet protocol suite. UDP is stateless and therefore faster than Transmission Control Protocol (TCP), but it can be unreliable. Like UDP, TCP is a transport layer protocol, but it provides reliable, ordered data delivery at the expense of transport speed.
4. Click Send Test Message to confirm that the SIEM product is properly configured and can receive messages from your email software.
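The following added example (not part of the product or its documentation) shows on loopback why the protocol choice and the test message matter for log forwarding: a UDP sender reports success even when no receiver is listening, while a TCP sender gets an error. The function names, the payload and the loopback receiver are assumptions made for illustration; the product's real event format is not documented on this page.

```python
import socket

# Constructed payload: the page does not document the product's event format.
TEST_EVENT = b"constructed SIEM test event\n"
KINDS = {"udp": socket.SOCK_DGRAM, "tcp": socket.SOCK_STREAM}

def open_receiver(proto):  # stand-in SIEM listener on a free loopback port
    srv = socket.socket(socket.AF_INET, KINDS[proto])
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(2.0)
    if proto == "tcp":
        srv.listen(1)
    return srv, srv.getsockname()[1]

def read_one(srv, proto):
    """Return one captured message (None on timeout), then close the receiver."""
    try:
        if proto == "udp":
            return srv.recvfrom(65535)[0]
        conn, _ = srv.accept()
        with conn:
            return conn.recv(65535)
    except OSError:
        return None
    finally:
        srv.close()

def send_event(proto, port, payload=TEST_EVENT):
    """Forward one event. True means no error was reported, not that it arrived."""
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(payload, ("127.0.0.1", port))
        else:
            with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
                s.sendall(payload)
        return True
    except OSError:
        return False

def compare():
    """Per protocol: did the event arrive, and does the sender notice a dead receiver?"""
    out = {}
    for proto in KINDS:
        srv, port = open_receiver(proto)
        sent = send_event(proto, port)
        got = read_one(srv, proto)  # closes srv, so `port` is now a dead receiver
        out[proto] = {"received": sent and got == TEST_EVENT, "outage_detected": not send_event(proto, port)}
    return out
```

With UDP selected, a successful send says nothing about delivery, so confirm on the SIEM server itself that the test message arrived.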

Copyright 2016 Forcepoint LLC. All rights reserved.