SIEM Integration helps to push all the events logs from Seqrite Endpoint Protection server to the configured SIEM server. This feature is accessible for Admin User only.
This feature works with many SIEM vendors that support CEF and LEEF formats.
On this page, provide the credentials of the SIEM Server. Then, select the events of which the data will be pushed to the SIEM server.
You can view the event logs on the configured SIEM server.
To push the event data to the SIEM server, follow these steps.
- Log on to the Seqrite Endpoint Protection.
- Go to Admin > SIEM Integration.
- In SIEM Configuration, select the Enable SIEM Settings check box.
- Enter Syslog Server IPURL.
- Enter SIEM Server Port number between 1 and 65535.
- Select Protocol either UDP or TCP.
-
Select Data format either LEEF or CEF.
Note:
The data formats supported are LEEF (Log Event Extended Format) and CEF (Common Event Format) only. - In the Event Selection section, select the events as required. The events list is displayed as per your Seqrite Endpoint Protection product license.
- Click Test. The success message appears if the connection to the SIEM server is successful.
-
Click Apply. The configuration success message appears.
The SIEM Server is configured successfully.
Note:
The data of only selected events will be uploaded to the configured SIEM Server. For more details related to SIEM payload please refer to the online help The encryption key is sent in encrypted format, however, the users can view it in a well structured format in the Reports section.
<!DOCTYPE html>
| Sr.No. | Module | Key | Value |
|---|---|---|---|
| 1 | Virus Protection | VP1 | Access denied |
| 2 | VP0 | None | |
| 3 | VP2 | Failed to deny access | |
| 4 | VP3 | Repaired | |
| 5 | VP6 | Delete failed | |
| 6 | VP5 | Deleted | |
| 7 | VP4 | Repair failed | |
| 8 | VP7 | Quarantined | |
| 9 | VP8 | Quarantine failed | |
| 10 | VP9 | File is repaired | |
| 11 | VP10 | File is skipped | |
| 12 | VP11 | Skipped | |
| 13 | VP12 | File is deleted | |
| 14 | VP13 | File is marked for deletion | |
| 15 | VP14 | File is marked for cleanup | |
| 16 | VP15 | File is clean | |
| 17 | VP17 | Scanner | |
| 18 | VP16 | File is quarantined | |
| 19 | VP18 | Virus Protection | |
| 20 | VP19 | Email Protection | |
| 21 | VP20 | Startup Scan | |
| 22 | VP21 | Office Protection | |
| 23 | VP22 | Scheduler | |
| 24 | VP23 | Quick Update | |
| 25 | VP24 | Memory Scan | |
| 26 | VP25 | Anti Ransomware | |
| 27 | VP26 | Allow | |
| 28 | AntiMalware | AM2 | Clean |
| 29 | AM1 | Skip | |
| 30 | AM3 | Mark For Deletion | |
| 31 | AM5 | Password Recovery Tool | |
| 32 | AM9 | Rogue Security Software | |
| 33 | AM7 | Adware Bundler | |
| 34 | AM14 | Toolbar | |
| 35 | AM6 | Keylogger | |
| 36 | AM8 | English | |
| 37 | AM15 | Potentially Unwanted Program | |
| 38 | AM18 | Adware | |
| 39 | AM17 | P2P Program | |
| 40 | AM16 | Remote Control | |
| 41 | AM19 | Potentially Dangerous Tool | |
| 42 | AM20 | Trojan | |
| 43 | AM13 | Commercial Remote Control Tool | |
| 44 | AM10 | Remote Control Tool | |
| 45 | AM11 | Potentially Unwanted App | |
| 46 | AM4 | Rogue Security Program | |
| 47 | AM12 | PUPS | |
| 48 | Web Security/ GAC/YAC | WS1 | Blocked |
| 49 | WS2 | Attacker’s IP blocked | |
| 50 | WS3 | System Disconnected from Network |