Web Security Server Administration > Integrating with a third-party SIEM solution
|
1.
|
Select Enable SIEM integration for this Policy Server to turn on the SIEM integration feature.
|
2.
|
Provide the IP address or hostname of the machine hosting the SIEM product, as well as the communication Port to use for sending SIEM data.
|
3.
|
Specify the Transport protocol (UDP or TCP) to use when sending data to the SIEM product.
|
4.
|
Select the SIEM format to use. This determines the syntax of the string used to pass log data to the integration.
|
|
If you select Custom, a text box is displayed. Enter or paste the string that you want to use. Click View SIEM format strings for a set of sample strings to use as a reference or template.
|
|
If you select a non-custom option, a sample Format string showing fields and value keys is displayed.
|
5.
|
Web Security Server Administration > Integrating with a third-party SIEM solution
|