Views:

Share XDR data with your syslog server by configuring the generic syslog connector.

The syslog connector is a generic SIEM connector, which allows you to send XDR data to your SaaS or cloud-based syslog server. The connector supports multiple syslog server connections.
For syslog CEF mapping, see Syslog content mapping - CEF.
Category
Vendor
Associated Apps
SIEM
Not applicable
  • Workbench
  • Observed Attack Techniques

Procedure

  1. Go to Workflow and AutomationThird-Party Integration.
  2. Click Syslog Connector (SaaS/Cloud).
  3. In the Syslog Connector (SaaS/Cloud) screen, enable Syslog Connector (SaaS/Cloud) .
  4. Select the data to send to your syslog server(s).
    • Workbench alerts
    • Observed Attack Techniques
    Note
    Note
    You must select at least one data type.
  5. Click Connect Syslog Server.
  6. In the Syslog Server Connection panel, configure the following settings.
    Setting
    Description
    Server address
    Specify the IP address or FQDN for your Syslog server.
    Syslog format
    Select the syslog format.
    Note
    Note
    Syslog Connector (SaaS/Cloud) currently only supports Common Event Format (CEF).
    Protocol
    Select the connection protocol.
    Port
    Specify the port.
    Default port settings:
    • SSL/TLS: 6514
    • TCP: 601
  7. (Optional) Select Use CA certificate to upload a CA certificate to use when connecting to the syslog server.
  8. (Optional) If your syslog server requires authenticated connections, select Server requires client authentication to upload the client certificate.
  9. Click Test Connection to perform a connection test and verify settings.
  10. Click Connect to test and save your connection settings.
  11. In the Syslog Connector (SaaS/Cloud) screen, click Save.