SIEM Integration via Syslog

Integrate a Syslog Receiver

To send Threat detection alerts to your Syslog server, define the settings of the Syslog receiver to which you want to send notifications.

  1. Before defining the Syslog integration settings, allow the Warden IP addresses in your firewall configuration: 52.77.14.214, 52.220.201.39

  2. Select Settings → Integrations → Outbound Integrations / Forwarding Destinations → Syslog (SIEM), then click ADD.

  3. Define the following Syslog server parameters:

    1. Name - Unique name for the integration

    2. Hostname / IP Address - Hostname/FQDN or the IP address of the Syslog server

    3. Port Number - The port number on which to send Syslog messages.

    4. Protocol Type - Select a method of communication with the Syslog server:

      1. TCP (with encryption) - Validates the Syslog server certificate and uses the certificate signature and private key to encrypt the data sent over the connection.

      2. TCP - No validation is made on the connection with the Syslog server.

      3. UDP

    5. Client Certificate (if TCP with encryption, optional)

    6. Client Key (if TCP with encryption, optional)

    7. Client Key Password (if TCP with encryption, optional)

  4. Click Save Changes.

  5. Once the integration is created, you can select this forwarding destination in your Monitoring configurations.
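
The following is an added example, not vendor code: a minimal receiver-side test listener for the "TCP (with encryption)" option that accepts connections only from the two sender addresses in step 1 and, when a client CA is supplied, requires the optional client certificate. Port 6514, the certificate file arguments and all function names are assumptions made for the example.

```python
import ipaddress
import socket
import ssl
import sys
from typing import Optional

# Sender addresses listed in step 1 of the procedure above.
WARDEN_SOURCES = frozenset(
    ipaddress.ip_address(a) for a in ("52.77.14.214", "52.220.201.39")
)

def source_allowed(peer: str) -> bool:
    """True only if peer is one of the documented sender addresses."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped if mapped is not None else ip) in WARDEN_SOURCES

def tls_policy(client_ca: Optional[str] = None) -> ssl.SSLContext:
    """Server-side TLS settings; client_ca (a PEM path) turns on mutual TLS."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
        ctx.verify_mode = ssl.CERT_REQUIRED  # reject senders without a valid cert
    return ctx

def receive_one(listener: socket.socket, ctx: ssl.SSLContext, limit: int = 65536):
    """Accept one connection; return its first bytes, or None if it was dropped."""
    conn, addr = listener.accept()
    with conn:
        if not source_allowed(addr[0]):
            return None  # dropped before any TLS handshake
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                return tls.recv(limit)
        except (ssl.SSLError, OSError):
            return None  # plaintext TCP or a failed handshake

if __name__ == "__main__":
    # Usage: receiver.py server-cert.pem server-key.pem [client-ca.pem]
    ctx = tls_policy(sys.argv[3] if len(sys.argv) > 3 else None)
    ctx.load_cert_chain(sys.argv[1], sys.argv[2])
    with socket.create_server(("0.0.0.0", 6514)) as listener:  # assumed port
        while True:
            data = receive_one(listener, ctx)
            print("dropped" if data is None else data.decode(errors="replace"))
```
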