Share XDR data with your syslog server by configuring the generic syslog connector.
The syslog connector is a generic SIEM connector, which allows you to send XDR data
to your SaaS or cloud-based syslog server. The connector supports multiple syslog
server connections.
For syslog CEF mapping, see Syslog content mapping - CEF.
| Category | Vendor | Associated Apps |
|---|---|---|
| SIEM | Not applicable | |
Procedure
- Go to .
- Click Syslog Connector (SaaS/Cloud).
- In the Syslog Connector (SaaS/Cloud) screen, enable Syslog Connector (SaaS/Cloud).
- Select the data to send to your syslog server(s).
  - Workbench alerts
  - Observed Attack Techniques. If you select this data type, you can select one or more of the following event severity levels:
    - Critical
    - High
    - Medium
  - Audit logs. If you select this data type, you can select one or more of the following log types:
    - Account
    - System

  Note
  You must select at least one data type.
- Click Connect Syslog Server.
- In the Syslog Server Connection panel, configure the following settings.

  | Setting | Description |
  |---|---|
  | Server address | Specify the IP address or FQDN for your syslog server. |
  | Syslog format | Select the syslog format. Note: Syslog Connector (SaaS/Cloud) currently only supports Common Event Format (CEF). |
  | Protocol | Select the connection protocol. |
  | Port | Specify the port. Default port settings: SSL/TLS: 6514; TCP: 601. |
- (Optional) Select Use CA certificate to upload a CA certificate to use when connecting to the syslog server.
- (Optional) If your syslog server requires authenticated connections, select Server requires client authentication to upload the client certificate.
- Click Test Connection to perform a connection test and verify settings.
- Click Connect to test and save your connection settings.
- In the Syslog Connector (SaaS/Cloud) screen, click Save.
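Because the connector only emits Common Event Format (CEF), the receiving side has to parse CEF correctly before any routing or alerting can be trusted. The following is an added example written for this page, not code from the product or its vendor: a small receiver-side CEF parser that honours the two escape rules that commonly break home-grown parsers (`\|` inside a header field and `\=` inside an extension value) and applies a numeric severity floor. The sample lines, vendor and product names, signature IDs and extension keys are constructed placeholders; the real field mapping is the one documented under "Syslog content mapping - CEF", which this example does not reproduce.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines (placeholder vendor, product, signature IDs and
# extension keys; NOT the product's real CEF mapping). They cover the three
# cases a receiver must get right: an escaped pipe inside a header field, an
# escaped "=" inside an extension value, and a value that contains spaces.
SAMPLE_LINES = [
    "<134>Jan 10 12:00:00 xdr-host CEF:0|ExampleVendor|ExampleXDR|1.0|WB-1001"
    "|Workbench alert|9|src=10.0.0.5 suser=alice cs1Label=dataType cs1=Workbench",
    "<134>Jan 10 12:00:01 xdr-host CEF:0|ExampleVendor|ExampleXDR|1.0|OAT-2002"
    "|Observed technique \\| encoded command|6|src=10.0.0.7 msg=reason\\=unsigned binary cs1=OAT",
    "<134>Jan 10 12:00:02 xdr-host CEF:0|ExampleVendor|ExampleXDR|1.0|AUD-3"
    "|Account audit log|3|suser=bob act=Login outcome=success cs1=Audit",
]


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: int  # CEF numeric severity, 0 (lowest) to 10 (highest)
    extension: dict = field(default_factory=dict)


# An extension key is a run of word characters followed by "=" at the start of
# the extension or after whitespace. An escaped "\=" inside a value never
# matches because the character before that "=" is a backslash.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_]+)=")


def _split_header(text: str):
    """Split the 7 pipe-delimited header fields, honouring \\| and \\\\ escapes.
    Returns (fields, remainder); remainder is the raw extension string."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        c = text[i]
        if c == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            cur.append(text[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    return fields, text[i:]


def _unescape_ext(value: str) -> str:
    # Extension values escape "=" and "\" with a backslash; \n and \r mark line breaks.
    return (value.replace("\\=", "=").replace("\\n", "\n")
                 .replace("\\r", "\r").replace("\\\\", "\\"))


def _parse_extension(ext: str) -> dict:
    """Each value runs from its key's "=" up to the next key (values may contain spaces)."""
    matches = list(_KEY_RE.finditer(ext))
    out = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef_line(line: str) -> CefEvent:
    """Parse one syslog line carrying a CEF record; the syslog PRI/timestamp/host prefix is skipped."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[start:])
    sev = fields[6].strip()
    if not sev.isdigit() or not 0 <= int(sev) <= 10:
        raise ValueError(f"severity must be 0..10, got {sev!r}")
    return CefEvent(fields[0][len("CEF:"):], fields[1], fields[2], fields[3],
                    fields[4], fields[5], int(sev), _parse_extension(ext))


def parse_many(lines):
    return [parse_cef_line(line) for line in lines]


def events_at_or_above(events, minimum: int):
    """Receiver-side severity floor, e.g. forward only severity >= 7 to the on-call channel."""
    return [e for e in events if e.severity >= minimum]


if __name__ == "__main__":
    for e in events_at_or_above(parse_many(SAMPLE_LINES), 6):
        print(e.signature_id, e.severity, e.name, e.extension)
```

Run against a live feed, the first thing to check is that `parse_cef_line` raises on nothing the connector actually sends: a parse error on real traffic usually means the receiver's line framing (TCP 601 versus TLS 6514, newline-delimited versus octet-counted) is wrong rather than the CEF itself.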