Start FileCloud FREE Trial
Log in

SIEM Integration

Security information and event management (SIEM) products and services provide analysis of security alerts generated by applications and network hardware. 

FileCloud can integrate its system alerts and auditing with external SIEM systems, enabling you to monitor all alerts and potential security issues in one place.

Open the SIEM settings page

  1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Third Party Integrations .
  2. In the inner navigation bar on the left of the Third Party Integrations page, expand the Third Party Integrations menu, and click SIEM, as shown below.

    The SIEM settings page opens.

Set up SIEM

  1. To activate SIEM integration, click the grayed out Enable SIEM integration button. 


    SIEM integration fields appear. 

  2. Modify the settings using the information in the following table.
    OptionDescription
    SIEM integration method

    Specifies the SIEM Integration method. Following options are available:

    • TCP Receiver - messages are sent to the specified SIEM server endpoint (host and port) via TCP socket connection
    • UDP Receiver - messages are sent to the specified SIEM server endpoint (host and port) via UDP socket connection
    • Syslog - messages are written directly to the Syslog, which can be imported by the SIEM server

    Note: SIEM software providers should specify supported integration methods in the SIEM documentation.

    SIEM server host (TCP and UDP integration only)URL or IP Address of the SIEM server.
    SIEM server port (TCP and UDP integration only)Port exposed by the SIEM Server for the given socket connection.
    SIEM message format

    Specifies the SIEM Message format. The following formats are available:

    • CEF - Common Event Format
    • LEEF - Log Event Extended Format.
      If you select LEEF the fields LEEF Version and LEEF Message Delimiter also appear:

    NOTE: SIEM software provider should specify supported formats in the SIEM documentation.

    LEEF version (LEEF Format only)

    Specifies the version of the LEEF format message. Available versions:

    • 1.0
    • 2.0
    LEEF message delimiter  (LEEF Format only)The delimiter to be used for LEEF messages. The options are whitespace and tab. Choose the option that is compatible with the SIEM tool you are using.
    Enable audit trail

    Specifies whether Audit records should be processed and send to the SIEM Server. Please check the Managing SIEM mappings section for more details.

    Enable system alert trail

    		Specifies whether System Alerts generated within FileCloud should be processed and send to the SIEM Server. Please check the Managing SIEM mappings section for more details.
    Test connection (TCP and UDP integration only)

    Tests connection to the server specified by the Host and Port.

    NOTE: All settings have to be saved first. Connection tests are based on the currently saved settings.

    Send test message

    Sends a test message in the given format (CEF/LEEF) to the SIEM server specified by the Host and Port or saves a test message to the Syslog.

    NOTE: All settings have to be saved first. Connection tests are based on the currently saved settings.

    Validate mappingsValidates all defined mappings. Please check the Managing SIEM mappings section for more details.
  3. Click Save.