This article details the steps to set up your integration with Syslog and Sharetru.
Note: Do not toggle the Enable to "on" until you have filled out the form illustrated below and completed a test of the connection.
Use the SIEM "Select Service..." dropdown and select Syslog..png?width=688&height=188&name=image-20240716-215759(1).png)
Next, select the Format.
Note: For RFC3164, RFC5424 and LEEF formats, the Facility is set to 11 for File events and 13 for administration events. The Severity is set to 6 for most events and 3 for events where an error occurred.
To view an example of the SIEM test message click the link button.
After configuring your format you will need to select the Protocol, Hostname or IP address, and Port.
You may choose from HTTPS, TLS, TCP or UDP. We recommend TLS and HTTPS for security or TCP if TLS and HTTPS is not available for your SIEM instance.
We will send up to 100 events per message except for UDP, UDP will be on event per message.
If HTTPS, or TLS is selected you will have the option to utilize a signed certificate.
Alternatively, if you are using a self-signed certificate you should toggle this off.
For HTTPS, optional: Enter the path component and any query string parameters for the HTTPS endpoint:
For HTTPS, optional: Enter HTTP headers to send with the request. Separate each header with a new line:
After the form is completed click "Save".
Now, you will need to test the connection. Click the "Test Connection" button.
If the connection is successful you will receive a message verifying that result.
*You should verify that the message was received by your SIEM tool. *
However, if the connection is not successful you will receive a message regarding the failure.
After successfully completing the test you may toggle the "Enable" switch on and then click "Save".
This will finalize the SIEM integration set up.
.png?width=688&height=664&name=image-20240716-184123(1).png)