File format definition for SIEM logging
Forcepoint Web Security Cloud | Getting started with SIEM Integration
The log files downloaded from the cloud service are comma-separated value (CSV) files. Each file contains multiple lines, with one request per line.
Each line includes the reporting record attributes selected in the cloud portal. The available Attribute and Metric selections depend on the data type chosen (Web Security or Email Security), and the number of columns is limited to 35 for Web Security and 25 for Email Security log data.
Filters defined in the cloud portal are applied to the reporting data before it is exported.
Limitations
The following limitations apply when data is sent to a SIEM integration.
When name changes are made to policies, custom categories, groups, or other configuration settings that have been selected for inclusion in the SIEM data, there is a short delay before the new name is included. The entity is listed as an ID number during the delay period.
Backlog files created when processing issues occur will be processed starting with the oldest file when processing recovers.
If the Advanced Malware Detection for Web module is used, AMD generated data is not forwarded correctly to the SIEM output.
Encryption for AWS S3 buckets is not supported.
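The example below is added here and is not Forcepoint's own code. It parses a downloaded export, enforces the column limits stated above, and flags name columns that still carry a bare ID number (the rename delay described under Limitations) so that an ingestion pipeline can hold or re-resolve those events instead of matching detection rules against a number. The column names and the sample rows are constructed assumptions, not the product's real attribute names.

```python
import csv
import io

# Column limits stated in the Forcepoint SIEM documentation.
MAX_COLUMNS = {"web": 35, "email": 25}

# Constructed sample export; the column names are assumptions, not the
# product's real attribute names.
SAMPLE_WEB_CSV = """time,user,policy,category,action,url
2022-01-01T10:00:00Z,alice,Default Policy,Business,Allowed,https://example.com/
2022-01-01T10:00:05Z,bob,48213,Shopping,Blocked,https://shop.example/
2022-01-01T10:00:09Z,carol,Default Policy,7731,Allowed,https://news.example/
"""

# Columns whose values may temporarily show an ID number instead of a name
# while a rename propagates (assumed column names).
NAME_COLUMNS = ("policy", "category", "group")


def parse_export(text: str, data_type: str) -> dict:
    """Parse one downloaded CSV file, enforce the column limit for the data
    type, and return the rows plus (line_no, column) pairs where a name
    column still carries an unresolved numeric ID."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    limit = MAX_COLUMNS[data_type]
    if len(header) > limit:
        raise ValueError(
            f"{len(header)} columns exceeds the {limit}-column limit for {data_type}"
        )
    rows, unresolved = [], []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        for col in NAME_COLUMNS:
            value = row.get(col)
            if value is not None and value.strip().isdigit():
                unresolved.append((line_no, col))
        rows.append(row)
    return {"columns": header, "rows": rows, "unresolved_ids": unresolved}


if __name__ == "__main__":
    result = parse_export(SAMPLE_WEB_CSV, "web")
    print(len(result["rows"]), "rows;", "unresolved IDs at", result["unresolved_ids"])
```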
Copyright 2022 Forcepoint. All rights reserved.