Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting started with SIEM Integration
Getting started with SIEM Integration
Forcepoint Cloud Protection Solutions | Getting started with SIEM Integration
Administrators using Forcepoint Web Security Cloud or Forcepoint Email Security Cloud have the option to download reporting data for use by a third-party Security Information and Event Management (SIEM) solution.
Once you have enabled SIEM logging in the Forcepoint Cloud Security Gateway Portal, also referred to as the cloud portal, you can schedule a regular process to download the logs and save them to a location of your choice. Logs stored by Forcepoint are retained in the cloud service for 14 days.
 
Important 
Follow the steps in this paper to set up and use SIEM logging. See:
1.
Setting up SIEM integration provides step-by-step instructions for setting up SIEM logging in the cloud portal, accessing the log files, and understanding the sample download script.
2.
Schedule log file download for Forcepoint storage describes the issues you must be aware of when downloading the logs, and how to schedule the download process when Forcepoint storage has been selected.
3.
File format definition for SIEM logging describes the contents of a log file, with examples.
If you encounter unexpected issues while setting up SIEM logging, see Troubleshooting SIEM logging using Forcepoint storage.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting started with SIEM Integration
Copyright 2022 Forcepoint. All rights reserved.