SIEM Integration
In the field of computer security, security information and event management (SIEM), software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
FileCloud allows system administrators to integrate FileCloud's system alerts and auditing with external SIEM systems, enabling them to monitor all alerts and potential security issues in one place.
FileCloud SIEM Configuration
To configure SIEM Integration Settings
|
The following options are available:
Option | Description |
---|---|
Enable SIEM Integration | Turns SIEM integration ON or OFF |
SIEM Integration method | Specifies the SIEM Integration method. Following options are available:
Note: SIEM software providers should specify supported integration methods in the SIEM documentation. |
SIEM Server Host (TCP and UDP integration only) | URL or IP Address of the SIEM server. |
SIEM Server Port (TCP and UDP integration only) | Port exposed by the SIEM Server for the given socket connection. |
SIEM Message Format | Specifies the SIEM Message format. The following formats are available:
NOTE: SIEM software provider should specify supported formats in the SIEM documentation. |
LEEF Version (LEEF Format only) | Specifies the version of the LEEF format message. Available versions:
|
LEEF Message Delimiter (LEEF Format only) | The delimiter to be used for LEEF messages. The options are whitespace and tab. Choose the option that is compatible with the SIEM tool you are using. |
Enable Audit Trail | Specifies whether Audit records should be processed and send to the SIEM Server. Please check the Managing SIEM mappings section for more details. |
Enable System Alert Trail | Specifies whether System Alerts generated within FileCloud should be processed and send to the SIEM Server. Please check the Managing SIEM mappings section for more details. |
Test Connection (TCP and UDP integration only) | Tests connection to the server specified by the Host and Port. NOTE: All settings have to be saved first. Connection tests are based on the currently saved settings. |
Send Test Message | Sends a test message in the given format (CEF/LEEF) to the SIEM server specified by the Host and Port or saves a test message to the Syslog. NOTE: All settings have to be saved first. Connection tests are based on the currently saved settings. |
Validate Mappings | Validates all defined mappings. Please check the Managing SIEM mappings section for more details. |