Send system events to a SIEM solution
Security Information and Event Management (SIEM) software collects, analyzes, and aggregates security data from multiple sources to detect potential security threats. To send
BlackBerry UEM
system events to your organization’s SIEM software, you can add a SIEM connector. Currently, adding a SIEM connector is supported for UEM
on-premises only
UEM
uses TCP to communicate with SIEM. Plain text is not supported. - On the menu bar, clickSettings > External integration > SIEM connectors.
- Click .
- In theNamefield, type a name for the connector.
- In theConnector formatdrop-down list, click a logging and auditing file format.
- In theSIEM endpoint server namefield, type the SIEM server name.
- In thePortfield, type the port of the SIEM server.
- To use a TLS connection and host validation, verify that theEnable TLSandEnable host validationcheck boxes are selected.
- In theStatusdrop-down list, do one of the following:
- ClickEnabledto use the connector.
- ClickDisabledto turn off the connector.
- ClickSave.
- If you enabled a TLS connection, inSettings > External integration > Trusted certificates, click besideSIEM server truststo upload a trust certificate.
- To see a list of auditable events, navigate toSettings > Infrastructure > Audit Settings, click , and in theSecurity event audit settingssection click .