SIEM Integration helps push all the event logs from the Seqrite Endpoint Protection server to the configured SIEM server. This feature is accessible to Admin users only.
This feature works with many SIEM vendors that support CEF and LEEF formats.
On this page, provide the credentials of the SIEM Server. Then, select the events whose data will be pushed to the SIEM server.
You can view the event logs on the configured SIEM server.
To push the event data to the SIEM server, follow these steps.
- Log on to the Seqrite Endpoint Protection.
- Go to Admin > SIEM Integration.
- In SIEM Configuration, select the Enable SIEM Settings check box.
- Enter the Syslog Server IP/URL.
- Enter the SIEM Server Port number, between 1 and 65535.
- Select the Protocol, either UDP or TCP.
- Select the Data format, either LEEF or CEF.
  Note: The data formats supported are LEEF (Log Event Extended Format) and CEF (Common Event Format) only.
- In the Event Selection section, select the events as required. The events list is displayed as per your Seqrite Endpoint Protection product license.
- Click Test. The success message appears if the connection to the SIEM server is successful.
- Click Apply. The configuration success message appears.
The SIEM Server is configured successfully.
Note: Only the data of the selected events is uploaded to the configured SIEM Server. For more details related to the SIEM payload, please refer to the KB Article.
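To check on the receiving side that forwarded events arrive well formed in the Data format chosen above, the following added example (not Seqrite code) parses CEF and LEEF syslog lines into dictionaries using the public CEF and LEEF header layouts. The sample lines, including the `ExampleVendor` and `EPP` values, are constructed for illustration; the actual payload fields are described in the KB Article.

```python
import re

MARKER = re.compile(r'(CEF|LEEF):(\d+(?:\.\d+)?)\|')   # format marker after the syslog prefix
PIPE = re.compile(r'(?<!\\)\|')                        # '|' not preceded by a backslash
CEF_KEY = re.compile(r'(?:^|\s)([\w.\-\[\]]+)=')       # start of a CEF key=value pair
CEF_HDR = ("vendor", "product", "device_version", "event_class_id", "name", "severity")
LEEF_HDR = ("vendor", "product", "product_version", "event_id")

SAMPLES = [  # constructed sample lines, not real product output
    r'<134>Jan 10 12:00:00 epp01 CEF:0|ExampleVendor|Endpoint\|Protection|1.0|100|Malware detected|8|src=10.0.0.5 msg=Blocked a\=b.exe act=blocked',
    '<134>Jan 10 12:00:01 epp01 LEEF:1.0|ExampleVendor|EPP|1.0|100|src=10.0.0.5\tact=blocked',
    '<134>Jan 10 12:00:02 epp01 LEEF:2.0|ExampleVendor|EPP|1.0|100|^|src=10.0.0.5^act=blocked',
]

def _unescape(s):
    # CEF escapes '|', '=' and '\' with a leading backslash
    return re.sub(r'\\([|=\\])', r'\1', s)

def _cef_extension(body):
    # A value runs until the whitespace before the next key= (values may contain spaces)
    keys = list(CEF_KEY.finditer(body))
    out = {}
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        out[k.group(1)] = _unescape(body[k.end():end].strip())
    return out

def _leef_attributes(body, version):
    delim = "\t"                                   # LEEF 1.0 attributes are tab separated
    if version.startswith("2"):                    # LEEF 2.0 adds a delimiter header field
        field, _, body = body.partition("|")
        hexd = re.fullmatch(r'(?:0x|x)([0-9A-Fa-f]{1,4})', field)
        delim = chr(int(hexd.group(1), 16)) if hexd else (field or "\t")
    pairs = (p.partition("=") for p in body.split(delim) if "=" in p)
    return {k.strip(): v.strip() for k, _, v in pairs}

def parse_event(line):
    """Return format, version, header fields and a 'fields' dict for one syslog line."""
    m = MARKER.search(line)
    if not m:
        raise ValueError("no CEF/LEEF header found")
    fmt, version, rest = m.group(1), m.group(2), line[m.end():]
    names = CEF_HDR if fmt == "CEF" else LEEF_HDR
    parts = PIPE.split(rest, maxsplit=len(names))
    if len(parts) <= len(names):
        raise ValueError(f"truncated {fmt} header")
    event = {"format": fmt, "version": version}
    event.update({k: _unescape(v) for k, v in zip(names, parts)})
    event["fields"] = _cef_extension(parts[-1]) if fmt == "CEF" else _leef_attributes(parts[-1], version)
    return event
```

A line that raises `ValueError` here usually means the listener is receiving a different format than the one selected, or that a UDP datagram was truncated in transit.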