Security Information and Event Management (SIEM) integration
Administrator Help | Forcepoint Email Security | Version 8.5.x
Third-party security information and event management (SIEM) tools allow the logging and analysis of internal alerts generated by network devices and software. Integration with SIEM technology allows the transfer of message activity events to a SIEM server for analysis and reporting.
Third-party SIEM providers may not support FIPS 140-2 Level 1 certified cryptography. Contact your SIEM provider for more information about FIPS-certified cryptography.
Access SIEM integration settings on the page Settings > General > SIEM Integration.
Enable and configure SIEM integration
1. On the page SIEM Integration, mark the check box Enable SIEM integration for all email appliances.
   SIEM configuration settings are enabled for editing.
2. In the entry field IP address or hostname, enter the IP address or hostname for the SIEM integration server.
3. In the entry field Port, enter the port number for the SIEM integration server.
   The default is 514.
4. From the section Transport protocol, select the protocol used for data transport: UDP or TCP.
   User datagram protocol (UDP) is a transport layer protocol in the Internet protocol suite. UDP is stateless and therefore faster than transmission control protocol (TCP), but can be unreliable. Like UDP, TCP is a transport layer protocol, but provides reliable, ordered data delivery at the expense of transport speed.
5. From the pull-down menu SIEM format, select the format to be used in SIEM logs.
   The format determines the syntax of the string used to pass log data to the integration.
6. Check the SIEM Server log entries to verify that the test message is delivered.
7. The SIEM configuration settings are saved. See SIEM: Email Logs.
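To check delivery from the receiving side before pointing the appliances at a production SIEM, a small listener can stand in for the SIEM server and show what arrives over each transport. The following is an added example, not Forcepoint code. Its assumptions: the function and variable names are hypothetical, port 5514 is used because binding the default 514 usually requires elevated privileges, and TCP events are taken to be newline-delimited.

```python
import socketserver
import threading
import time

received = []              # (transport, sender_ip, message) tuples
_lock = threading.Lock()

def _record(transport, sender, raw):
    text = raw.decode("utf-8", errors="replace").strip()
    if text:
        with _lock:
            received.append((transport, sender, text))

class UDPHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request          # UDP: one datagram is one event
        _record("udp", self.client_address[0], data)

class TCPHandler(socketserver.StreamRequestHandler):
    def handle(self):
        for line in self.rfile:             # TCP: byte stream, split on newlines (assumed framing)
            _record("tcp", self.client_address[0], line)

def start_listeners(host="127.0.0.1", port=5514):
    """Start one UDP and one TCP listener; port 0 lets the OS pick free ports."""
    udp = socketserver.ThreadingUDPServer((host, port), UDPHandler)
    tcp = socketserver.ThreadingTCPServer((host, port), TCPHandler)
    for server in (udp, tcp):
        server.daemon_threads = True
        threading.Thread(target=server.serve_forever, daemon=True).start()
    return udp, tcp

def wait_for(count, timeout=5.0):
    """Return a snapshot of received events once `count` have arrived or time runs out."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        with _lock:
            if len(received) >= count:
                break
        time.sleep(0.05)
    with _lock:
        return list(received)

if __name__ == "__main__":
    udp, tcp = start_listeners()
    print("listening on udp/%d and tcp/%d" % (udp.server_address[1], tcp.server_address[1]))
    seen = 0
    while True:                             # print each event as it arrives
        events = wait_for(seen + 1, timeout=1.0)
        for event in events[seen:]:
            print(*event, sep=" | ")
        seen = len(events)
```

To receive from an appliance rather than from the local machine, pass the listening interface address as `host`. An event that appears under one transport but not the other usually points at a firewall rule covering only UDP or only TCP on that port.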

Copyright 2022 Forcepoint. All rights reserved.