Server Administration for Web Protection Solutions > Integrating with a third-party SIEM solution
|
1.
|
Click Add to open a new window where you will continue configuring your SIEM integration.
|
2.
|
Provide the IP address or hostname of the machine hosting the SIEM product, as well as the communication Port to use for sending SIEM data.
|
3.
|
Specify the Transport protocol (UDP or TCP) to use when sending data to the SIEM product.
|
4.
|
Select the SIEM format to use. This determines the syntax of the string used to pass log data to the integration.
|
|
If you select Custom, a text box is displayed. Enter or paste the string that you want to use. Click View SIEM format strings for a set of sample strings to use as a reference or template.
|
|
If you select a non-custom option, a sample Format string showing fields and value keys is displayed.
|
5.
|
1.
|
Check Enable SIEM integration for audit log data for this Policy Server to enable the feature.
|
2.
|
Provide the IP address or hostname of the machine hosting the SIEM product, as well as the communication Port to use for sending the audit log data.
|
3.
|
Specify the Transport protocol (UDP or TCP) to use when sending audit log data to the SIEM product.
|
4.
|
Select the SIEM format to use. This determines the syntax of the string used to pass audit log data to the integration.
|
|
If you select Custom, enter or paste the string that you want to use in the text box that displays. Click View SIEM format strings for samples to use as a reference.
|
|
If you select a non-custom format, a sample Format string displays.
|
5.
|
Server Administration for Web Protection Solutions > Integrating with a third-party SIEM solution
|