SIEM (Security Information and Event Management) refers to a comprehensive approach to security management that combines Security Information Management (SIM) and Security Event Management (SEM) into a single system. SIEM systems are designed to collect, analyze, and correlate security event data from various sources within an organization’s network infrastructure.
SIEM Integration facilitates the transfer of the events logs from the subscribed point products to the configured SIEM server.
The Super Admin and Admin User have access to this feature.
This feature works with many SIEM vendors supporting CEF and LEEF formats.
On this page, in the configuration section,
- Select SIEM Server.
- Enter SIEM Server IP or URL.
- Enter SIEM Server Port Number.
- Select the Protocol (TCP or UDP).
- Select the Data Fformat (LEEF or CEF).
Note ☛
The data formats supported are LEEF (Log Event Extended Format) and CEF (Common Event Format) only.
In the Event Selection section,
- The events list is displayed as per your EPS product license.
- Click Test. The success message appears if the connection to the SIEM server is successful.
- Click Apply. The configuration success message appears.
The SIEM Server settings are applied successfully.
Note ☛
The data of only selected events will be uploaded to the configured SIEM Server.Note ☛
The SIEM Server configuration currently supports ZTNA, Seqrite XDR, and EPS.