Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. Monitoring and reporting
  4. Send system events to a SIEM solution

Send system events to a SIEM solution

Security Information and Event Management (SIEM) software collects, analyzes, and aggregates security data from multiple sources to detect potential security threats. To send
BlackBerry UEM
 system events to your organization’s SIEM software, you can add a SIEM connector. Currently, adding a SIEM connector is supported for
UEM
 on-premises only.
UEM
 uses TCP to communicate with SIEM. Plain text is not supported.
  1. In the management console, on the menu bar, click
    Settings > External integration > SIEM connectors
    .
  2. Click The Add icon.
  3. In the
    Name
     field, type a name for the connector.
  4. In the
    Connector format
     drop-down list, click a logging and auditing file format.
  5. In the
    SIEM endpoint server name
     field, type the SIEM server name.
  6. In the
    Port
     field, type the port of the SIEM server.
  7. To use a TLS connection and host validation, verify that the
    Enable TLS
     and
    Enable host validation
     check boxes are selected.
  8. From the
    Status
     drop-down list, select one of the following:
    • To use the connector, click
      Enabled
      .
    • To turn off the connector, click
      Disabled
      .
  9. Click
    Save
    .
  • If you enabled a TLS connection, in
    Settings > External integration > Trusted certificates
    , click The Add icon beside
    SIEM server trusts
     to upload a trust certificate.
  • To see a list of auditable events, click
    Settings > Infrastructure > Audit Settings
    and click The Edit icon. In the
    Security event audit settings
     section, click The Add icon.