Syslog Connector (SaaS/Cloud) Configuration

Share XDR data with your syslog server by configuring the generic syslog connector.

Important:

This is a “Pre-release” feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.

The syslog connector is a generic SIEM connector, which allows you to send XDR data to your SaaS or cloud-based syslog server. The connector supports multiple syslog server connections.

Category

Vendor

Associated Apps

SIEM

N/A

  • Workbench

  • Observed Attack Techniques

  1. Go to Administration > Third-Party Integration.
  2. Click Syslog Connector (SaaS/Cloud).
  3. In the Syslog Connector (SaaS/Cloud) screen, enable Syslog Connector (SaaS/Cloud) .
  4. Select the data to send to your syslog server(s).
    • Workbench alerts

    • Observed Attack Techniques

    Note:

    You must select at least one data type.

  5. Click Connect Syslog Server.
  6. In the Syslog Server Connection panel, configure the following settings.

    Setting

    Description

    Server address

    Specify the IP address or FQDN for your Syslog server.

    Syslog format

    Select the syslog format.

    Note:

    Syslog Connector (SaaS/Cloud) currently only supports Common Event Format (CEF).

    Protocol

    Select the connection protocol.

    Port

    Specify the port.

    Default port settings:

    • SSL/TLS: 6514

    • TCP: 601

    • UDP: 514

  7. (Optional) Select Use CA certificate to upload a CA certificate to use when connecting to the syslog server.
  8. (Optional) If your syslog server requires authenticated connections, select Server requires client authentication to upload the client certificate.
  9. Click Test Connection to perform a connection test and verify settings.
  10. Click Connect to test and save your connection settings.
  11. In the Syslog Connector (SaaS/Cloud) screen, click Save.