
Fidelis Endpoint SIEM Integrations Guide
Version
www.fidelissecurity.com

Copyright © Fidelis Cybersecurity. All rights reserved worldwide.
Fidelis Cybersecurity, East West Highway, Suite, Bethesda, MD

Revised February

Users are granted permission to copy and/or distribute this document in its original electronic form and to print copies for personal use. This document cannot be modified or converted to any other electronic or machine-readable form, in whole or in part, without prior written approval of Fidelis Cybersecurity.

While we have done our best to ensure that the material found in this document is accurate, Fidelis Cybersecurity makes no guarantee that the information contained herein is error free.

All third-party brand names and product names referenced in this documentation are trade names, service marks, trademarks or registered trademarks of their respective owners.

Table of Contents

Integrating with SIEM Applications
    Exporting Log and Result Information to SIEM Applications
    About Creating a Custom Export Configuration
    Integrating Fidelis Endpoint and ArcSight
        Installing the ArcSight Connector
        Configuring Fidelis Endpoint to Export Information to ArcSight
        Configuring ArcSight Console
        Testing the ArcSight Integration
    Integrating Fidelis Endpoint and QRadar
        Configuring Fidelis Endpoint to Export Information to QRadar
        Configuring the Fidelis Endpoint DSM in QRadar
        Configuring Actions to Launch Script Tasks
        Configuring the Log Source in QRadar
        Testing the QRadar Integration
    Integrating Fidelis Endpoint and McAfee Enterprise Security Manager
        Preparing for Remote Command Integration
        Setting up the Fidelis Endpoint Data Source
        Setting up Device URL Integration
        Configuring a Remote Command URL Integration
        Configuring a Remote Command SSH API Integration
        Configuring Alarms to Execute a Command
        Manually Executing a Remote Command
Technical Support
    Getting Help
    Other Documentation

Integrating with SIEM Applications

You can use the information in this section to integrate Fidelis Endpoint with SIEM (Security Information and Event Management) applications.

Note: For information about configuring a third-party SIEM application to integrate with Fidelis Endpoint, refer to the integrations described in this guide and contact Fidelis Endpoint support.

Exporting Log and Result Information to SIEM Applications

Using syslog, you can export log and activity data from Fidelis Endpoint to SIEM applications, usually ArcSight or QRadar, in either of the following formats:

• Common Event Format (CEF)
• Log Event Extended Format (LEEF)

You can export log and activity data from Fidelis Endpoint as a file on disk, or to a hostname and port via User Datagram Protocol (UDP), by configuring the SyslogConfiguration.json file to export:

• Alerts
• Task Results (also known as Job Results, from running a script package)
• System Logs
• Server Health Logs
• Activity Logs (also known as Audit Logs)

Syslog over UDP is connectionless and provides no transport encryption, no authentication of the sender and no delivery guarantee, so keep the path between the Fidelis Endpoint server and the SIEM collector on a trusted management network and watch the received stream for gaps.

To configure exporting log and result information:

1. On the Windows Server, navigate to ProgramData\Fidelis Endpoint\Shared and open the SyslogConfiguration.json file in a text editor.

IMPORTANT: There is also a SyslogConfigurationDefault.json file in the folder that contains
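Whichever transport is chosen, the receiving SIEM has to parse the CEF or LEEF body of each exported event. The following is an added example written for this page, not code from the Fidelis guide or from the product: a small Python parser for both formats, run over constructed sample lines. It shows what separates the two formats in practice (the seven-field CEF header followed by space-separated key=value extensions with backslash escapes for pipe, backslash and equals, versus the LEEF header whose 2.0 form declares the attribute delimiter and whose 1.0 form uses a tab) and rejects a line whose header is truncated. The vendor and product names follow the page; the version string, event IDs and field names in the samples are assumptions and not the product's documented event schema.

```python
"""Added example: parse the CEF and LEEF event bodies a SIEM collector receives
from Fidelis Endpoint syslog export. Sample events are constructed; the version
string, event IDs and field names are assumptions, not the product's schema."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A syslog header such as "<134>Feb 10 14:03:22 host " may precede the event body.
_MARKER = re.compile(r"\b(CEF|LEEF):")
# CEF extension keys: word characters followed by an unescaped '='.
_CEF_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")
# CEF extension values escape backslash, '=', newline and carriage return.
_CEF_ESC = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}


@dataclass
class Event:
    fmt: str                        # "CEF" or "LEEF"
    version: str                    # "0" for CEF, "1.0" or "2.0" for LEEF
    vendor: str
    product: str
    device_version: str
    event_id: str                   # CEF Device Event Class ID / LEEF EventID
    name: Optional[str] = None      # CEF only
    severity: Optional[str] = None  # CEF only
    ext: Dict[str, str] = field(default_factory=dict)


def _split_header(body: str, n: int):
    """Take the first n '|'-delimited header fields, honouring the '\\|' and
    '\\\\' escapes permitted in header fields. Returns (fields, remainder)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < n:
        if body[i] == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])
            i += 2
        elif body[i] == "|":
            fields.append("".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(body[i])
            i += 1
    if len(fields) < n:
        raise ValueError("truncated header: expected %d fields" % n)
    return fields, body[i:]


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """Space-separated key=value pairs whose values may themselves contain spaces,
    so each value runs until the next unescaped 'key=' token."""
    keys = list(_CEF_KEY.finditer(ext))
    out = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].rstrip(" ")
        out[m.group(1)] = re.sub(r"\\([\\=nr])", lambda e: _CEF_ESC[e.group(1)], raw)
    return out


def _leef_delimiter(spec: str) -> str:
    """LEEF 2.0 delimiter field: one character or a hex code such as x09 / 0x09.
    Assumption: an empty field falls back to the LEEF 1.0 tab delimiter."""
    if spec == "":
        return "\t"
    m = re.fullmatch(r"0?x([0-9A-Fa-f]{2})", spec)
    if m:
        return chr(int(m.group(1), 16))
    if len(spec) == 1:
        return spec
    raise ValueError("bad LEEF delimiter field: %r" % spec)


def parse_event(line: str) -> Event:
    m = _MARKER.search(line)
    if not m:
        raise ValueError("no CEF:/LEEF: marker in line")
    fmt, body = m.group(1), line[m.end():]
    if fmt == "CEF":
        (ver, vendor, product, dver, cls, name, sev), ext = _split_header(body, 7)
        return Event("CEF", ver, vendor, product, dver, cls, name, sev,
                     _parse_cef_extension(ext))
    (ver,), rest = _split_header(body, 1)
    if ver.startswith("2."):  # LEEF 2.0 adds a sixth header field: the delimiter
        (vendor, product, dver, eid, dspec), ext = _split_header(rest, 5)
        delim = _leef_delimiter(dspec)
    else:                     # LEEF 1.0: five header fields, tab-separated attributes
        (vendor, product, dver, eid), ext = _split_header(rest, 4)
        delim = "\t"
    attrs = dict(kv.split("=", 1) for kv in ext.split(delim) if "=" in kv)
    return Event("LEEF", ver, vendor, product, dver, eid, ext=attrs)


def parse_lines(lines: List[str]) -> List[Event]:
    return [parse_event(ln) for ln in lines if ln.strip()]


# Constructed sample lines, not real Fidelis Endpoint output. The CEF line carries a
# syslog header, an escaped '|' in Name and escaped '\' and '=' in extension values;
# the LEEF lines use a declared '^' delimiter (2.0) and the default tab (1.0).
SAMPLE_LINES = [
    "<134>Feb 10 14:03:22 ep-server CEF:0|Fidelis|Endpoint|x.y|Alert|"
    "Suspicious Process\\|LOLBin|8|src=10.1.2.3 dst=203.0.113.9 "
    "suser=CORP\\\\jdoe msg=cmd.exe /c whoami\\=x act=alert",
    "LEEF:2.0|Fidelis|Endpoint|x.y|TaskResult|^|"
    "src=10.1.2.3^usrName=jdoe^cat=Task Results^msg=script completed",
    "LEEF:1.0|Fidelis|Endpoint|x.y|AuditLog|src=10.1.2.3\tusrName=admin\tcat=Activity Logs",
]
```

Running parse_lines(SAMPLE_LINES) yields three Event records; the escaped pipe in the CEF Name field comes back as a literal "|" and the escaped backslash and equals in the extension values are restored, which is the part a hand-rolled split on "|" or "=" gets wrong. A CEF line with fewer than seven header fields raises ValueError rather than producing a half-filled event, so a collector can count and alert on malformed input instead of silently dropping fields.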
