SIEM Integration

SIEM Integration is available from FileCloud 19.2

In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.

Since version 19.2, FileCloud has allowed system administrators to integrate FileCloud's system alerts and auditing with external SIEM systems, enabling them to monitor all alerts and potential security issues in one place.

FileCloud SIEM Configuration

If you select LEEF in the drop-down list for SIEM Message Format, the fields LEEF Version and LEEF Message Delimiter also appear:

To configure SIEM Integration Settings

  1. Open a browser and log into Admin Portal.
  2. In the left navigation panel, under SETTINGS, select Settings.
  3. On the Manage Settings screen, select the Third Party Integrations tab.
  4. Select the SIEM tab.
  5. Modify settings as needed.
  6. Click Save.


The following options are available:

Enable SIEM Integration
  Turns SIEM integration ON or OFF.

SIEM Integration Method
  Specifies the SIEM integration method. The following options are available:

    • TCP Receiver - messages are sent to the specified SIEM server endpoint (host and port) over a TCP socket connection
    • UDP Receiver - messages are sent to the specified SIEM server endpoint (host and port) over a UDP socket connection
    • Syslog - messages are written directly to the syslog, from which the SIEM server can import them

  Note: SIEM software providers should specify supported integration methods in the SIEM documentation.

SIEM Server Host (TCP and UDP integration only)
  URL or IP address of the SIEM server.

SIEM Server Port (TCP and UDP integration only)
  Port exposed by the SIEM server for the given socket connection.

SIEM Message Format
  Specifies the SIEM message format. The following formats are available:

    • CEF - Common Event Format
    • LEEF - Log Event Extended Format

  Note: SIEM software providers should specify supported formats in the SIEM documentation.

LEEF Version (LEEF format only)
  Specifies the version of the LEEF message format. Available versions:

    • 1.0
    • 2.0

LEEF Message Delimiter (LEEF format only)
  The delimiter used between fields in LEEF messages. The options are whitespace and tab. Choose the option that is compatible with the SIEM tool you are using.

Enable Audit Trail
  Specifies whether audit records should be processed and sent to the SIEM server. See the Managing SIEM mappings section for more details.

Enable System Alert Trail
  Specifies whether system alerts generated within FileCloud should be processed and sent to the SIEM server. See the Managing SIEM mappings section for more details.

Test Connection (TCP and UDP integration only)
  Tests the connection to the server specified by the Host and Port.

  Note: All settings have to be saved first. Connection tests are based on the currently saved settings.

Send Test Message
  Sends a test message in the selected format (CEF/LEEF) to the SIEM server specified by the Host and Port, or writes a test message to the syslog.

  Note: All settings have to be saved first. The test message is built from the currently saved settings.

Validate Mappings
  Validates all defined mappings. See the Managing SIEM mappings section for more details.
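To confirm what actually arrives at the SIEM endpoint after Send Test Message (over TCP, UDP or via syslog), the following added example parses CEF and LEEF 1.0/2.0 messages, including the LEEF 2.0 delimiter declaration and the `\|` / `\=` escapes; it is not FileCloud's code, and the vendor, product and field names in the sample messages are constructed, not FileCloud's real output.

```python
import re
# Constructed sample messages (not FileCloud's real output): what a receiver might see after
# "Send Test Message" in each format; the LEEF 2.0 line carries a syslog priority prefix.
SAMPLE_CEF = ("CEF:0|ExampleVendor|ExampleProduct|1.0|100|file download|3|"
              "src=10.0.0.5 suser=alice fname=report\\=final.pdf msg=test message")
SAMPLE_LEEF1 = ("LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|"
                "src=10.0.0.5\tusrName=alice\tmsg=test message")
SAMPLE_LEEF2 = "<13>LEEF:2.0|ExampleVendor|ExampleProduct|1.0|100|x5e|src=10.0.0.5^usrName=alice^msg=test"

_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")     # a '|' not preceded by '\' ends a header field
_CEF_EXT_SPLIT = re.compile(r"\s+(?=[\w.]+=)")  # in CEF, whitespace before the next key= starts a new pair

def _split_header(body, count):
    """Return `count` unescaped header fields and the remaining extension text."""
    parts = _UNESCAPED_PIPE.split(body, maxsplit=count)
    if len(parts) != count + 1:
        raise ValueError("truncated header: expected %d fields" % count)
    return [p.replace("\\|", "|").replace("\\\\", "\\") for p in parts[:count]], parts[count]

def _pairs(pieces):
    """Build a dict from key=value pieces, unescaping '\\=' and '\\\\' inside values."""
    out = {}
    for piece in pieces:
        key, eq, val = piece.partition("=")
        if eq:
            out[key.strip()] = val.replace("\\=", "=").replace("\\\\", "\\")
    return out

def parse_cef(line):
    """Parse a CEF message (syslog prefix allowed) into its 7 header fields plus the extension dict."""
    body = line[line.index("CEF:") + 4:]
    head, ext = _split_header(body, 7)
    keys = ("version", "vendor", "product", "device_version", "event_id", "name", "severity")
    return dict(zip(keys, head), format="CEF", extension=_pairs(_CEF_EXT_SPLIT.split(ext)))

def parse_leef(line):
    """Parse LEEF 1.0 (tab-delimited) or LEEF 2.0, which declares its delimiter in the header."""
    body = line[line.index("LEEF:") + 5:]
    is_v2 = body.startswith("2.")
    head, ext = _split_header(body, 6 if is_v2 else 5)
    delim = "\t"                    # LEEF 1.0, or LEEF 2.0 with an empty delimiter field
    if is_v2 and head[5]:
        hexval = re.fullmatch(r"0?x([0-9A-Fa-f]{1,2})", head[5])  # single char, or hex such as x09 / 0x09
        delim = chr(int(hexval.group(1), 16)) if hexval else head[5]
    keys = ("version", "vendor", "product", "device_version", "event_id")
    return dict(zip(keys, head[:5]), format="LEEF", delimiter=delim, attributes=_pairs(ext.split(delim)))

def parse_siem_message(line):
    """Dispatch on the format marker so syslog-wrapped and raw socket messages parse alike."""
    return parse_leef(line) if "LEEF:" in line else parse_cef(line)
```

Feed it the lines captured by a test listener on the configured port, or the syslog entries written by the Syslog method, to check that the format, version and delimiter match what the SIEM tool expects.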