How to integrate a SIEM server with a tenant


This document provides information on how to add SIEM integrations to a tenant in Cloud Security.

Requirements

  • User with the Cloud Security - Tenant Administrator role.
  • One or more SIEM sockets configured in a third-party service.

Integrate a SIEM server with a tenant

To integrate a SIEM server with a tenant, follow these steps:

  1. Access Cloud Security.
  2. Click the User menu icon in the top right corner of your screen.
  3. In the dropdown menu, click Settings.
  4. In the Settings menu, click Admin console.
  5. In the Tenant settings section, click SIEM Servers.
  6. Click + Add.
  7. In the Name * field, enter a name for the SIEM integration.
  8. In the Address * field, choose between:
    • DNS: enter the full hostname of the SIEM socket.
    • IPv4: enter the SIEM socket’s IP address.
  9. In the Port * field, enter the listener port that receives the logs.
  10. In the Protocol * field, select either TCP or UDP.
  11. In the Message type * field, select either CEF or Syslog.
  12. In the Use TLS * field, select whether a TLS handshake should be used for communication with the SIEM socket.
  13. Click Add.

After completing these steps, the SIEM Servers report will display the new SIEM integration.
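
To confirm that the SIEM socket receives what was selected in Message type and Use TLS, lines captured on the listener can be classified as CEF or Syslog. The following is an added example, not code from Cloud Security or its documentation; the sample lines, vendor and product names are constructed, and it assumes CEF may arrive either bare or behind a syslog header.

```python
CEF_FIELDS = ("cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

def split_cef_header(body):
    """Split the 7 CEF header fields on '|', honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])      # escaped pipe or backslash is literal
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < 7:                   # last header field had no trailing pipe
        parts.append("".join(cur))
    return parts, body[i:]

def classify_message(raw: bytes) -> dict:
    """Classify one line received on the SIEM socket as CEF, Syslog or unknown."""
    line = raw.decode("utf-8", errors="replace").strip()
    result = {"type": "unknown"}
    # Syslog priority <PRI>: PRI = facility * 8 + severity, valid range 0-191.
    if line.startswith("<") and ">" in line[:5]:
        pri = line[1:line.index(">")]
        if pri.isdigit() and int(pri) <= 191:
            result.update(type="Syslog", facility=int(pri) // 8, syslog_severity=int(pri) % 8)
    # Assumption: CEF may arrive bare or behind a syslog header, so search for it.
    start = line.find("CEF:")
    if start != -1:
        parts, extension = split_cef_header(line[start + 4:])
        if len(parts) == 7 and parts[0].isdigit():
            result.update(zip(CEF_FIELDS, parts))
            result.update(type="CEF", extension=extension)
    return result

# Constructed sample input (not real product output).
SAMPLES = [
    b"<134>Jan 12 10:15:02 sensor01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login \\| failed|7|src=192.0.2.10 suser=alice",
    b"<13>Jan 12 10:15:03 sensor01 app[231]: user alice logged in",
    b"\x16\x03\x01\x02\x00\x01",  # start of a TLS handshake record seen by a plaintext listener
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_message(sample))
```

A result of "unknown" for bytes that begin with 0x16 0x03 indicates that Use TLS is enabled on the integration while the listener expects plaintext.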