Integrate a Syslog Receiver
To send Threat Detection alerts to your Syslog server, define the settings of the Syslog receiver to which Warden will forward notifications.

Before defining the Syslog integration settings, allow inbound connections from Warden's source IP addresses on the Syslog port in your firewall configuration: 52.77.14.214, 52.220.201.39

Select Settings → Integrations → Outbound Integrations / Forwarding Destinations → Syslog (SIEM), then click ADD.

Define the following Syslog server parameters:

- Name - Unique name for the integration
- Hostname / IP Address - Hostname/FQDN or the IP address of the Syslog server
- Port Number - The port number on which the Syslog server listens and to which Syslog messages are sent
- Protocol Type - Select a method of communication with the Syslog server:
  - TCP (with encryption) - TCP with TLS. The Syslog server's certificate is validated and the data is encrypted in transit; the optional Client Certificate and Client Key below are presented to the Syslog server so that it can authenticate Warden (mutual TLS).
  - TCP - Plain TCP. No validation is made on the connection with the Syslog server, and the data is sent unencrypted.
  - UDP - Plain UDP. No validation is made, the data is sent unencrypted, and delivery is not guaranteed.
- Client Certificate (if TCP with encryption, optional)
- Client Key (if TCP with encryption, optional)
- Client Key Password (if TCP with encryption, optional)

Alert payloads describe findings in your environment, so use TCP (with encryption) unless the path between Warden and the Syslog server is otherwise protected. With TCP (with encryption), the Syslog server must present a certificate that Warden can validate for the configured Hostname / IP Address.

Click Save Changes.

Once the integration is created, you can select this forwarding destination in your Monitoring configurations.
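Before saving the integration it helps to confirm that the receiver accepts the port and protocol you selected and that it restricts senders to Warden's addresses. The following is an added example, not code from Warden or from this page: a loopback smoke test in Python that stands up a throwaway TCP or UDP Syslog listener, sends constructed RFC 5424 messages to it, enforces a sender allowlist built from the two source IPs above, and parses what arrives. The sample messages, the `smoke_test` helper and the allowlist behaviour are assumptions for illustration; the TLS variant is not covered here because it needs a server certificate.

```python
"""Loopback smoke test for a Syslog receiver (plain TCP and UDP).

Added example, not Warden's code. The sample messages below are constructed.
"""
import re
import socket
import socketserver
import threading
import time

# Source addresses the integration page says Warden sends from.
# A receiver should accept Syslog traffic only from these (plus test hosts).
WARDEN_SOURCE_IPS = {"52.77.14.214", "52.220.201.39"}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$"
)

# Constructed sample alerts (hypothetical content, RFC 5424 framing).
SAMPLE = [
    "<134>1 2024-05-01T10:00:00Z warden Warden - - - constructed threat detection alert",
    '<131>1 2024-05-01T10:00:01Z warden Warden - - [alert severity="high"] second constructed alert',
]


def parse_syslog(line):
    """Return the parsed header fields plus facility/severity, or None if malformed."""
    m = RFC5424.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["facility"], fields["severity"] = divmod(int(fields["pri"]), 8)
    return fields


class _Store:
    """Shared state between the listener thread and the caller."""
    def __init__(self, allow):
        self.allow, self.received, self.rejected = allow, [], []

    def accept(self, ip, line):
        if ip in self.allow:
            self.received.append(parse_syslog(line))
        else:
            self.rejected.append(ip)  # sender not on the allowlist


class TCPHandler(socketserver.StreamRequestHandler):
    def handle(self):  # newline-framed messages, one connection at a time
        for raw in self.rfile:
            self.server.store.accept(self.client_address[0], raw.decode("utf-8", "replace"))


class UDPHandler(socketserver.BaseRequestHandler):
    def handle(self):  # one datagram per message
        data, _sock = self.request
        self.server.store.accept(self.client_address[0], data.decode("utf-8", "replace"))


def smoke_test(protocol, messages, allow=frozenset(WARDEN_SOURCE_IPS | {"127.0.0.1"})):
    """Start a loopback listener on an ephemeral port, send messages, return parsed ones."""
    if protocol == "TCP":
        srv = socketserver.TCPServer(("127.0.0.1", 0), TCPHandler)
    elif protocol == "UDP":
        srv = socketserver.UDPServer(("127.0.0.1", 0), UDPHandler)
    else:
        raise ValueError("protocol must be TCP or UDP")
    srv.store = store = _Store(allow)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        if protocol == "TCP":
            with socket.create_connection(("127.0.0.1", port)) as s:
                s.sendall("".join(m + "\n" for m in messages).encode())
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                for m in messages:
                    s.sendto(m.encode(), ("127.0.0.1", port))
        deadline = time.time() + 2  # wait for delivery or give up
        while len(store.received) + len(store.rejected) < len(messages) and time.time() < deadline:
            time.sleep(0.01)
    finally:
        srv.shutdown()
        srv.server_close()
    return store.received


if __name__ == "__main__":
    for proto in ("TCP", "UDP"):
        for alert in smoke_test(proto, SAMPLE):
            print(proto, alert["severity"], alert["msg"])
```

Run against a real receiver, the same parsing step is what a SIEM does with each line, so a message that `parse_syslog` rejects will usually be dropped or mis-indexed downstream. The allowlist check mirrors the firewall rule: with only Warden's two addresses permitted, traffic from any other source (including this loopback test) is rejected rather than stored.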