Configure Cylance Endpoint Security to send events to a SIEM solution or syslog server
- In the management console, on the menu bar, click Settings > Application.
- Click the Syslog/SIEM check box.
- Select the events that you want to send to your organization's SIEM solution or syslog server. For more information about the different types of events, see the corresponding sections in this guide.
- Select or type in the information for your SIEM or syslog integration. The other sections in this guide provide details and descriptions for each option.
- In the SIEM drop-down list, click the appropriate SIEM solution or syslog server.
- In the Protocol drop-down list, click the appropriate protocol. If you choose TCP, it is a best practice to select the TLS/SSL check box to ensure that the syslog message is encrypted in transit (verify that your SIEM solution or syslog server is configured to listen for messages).
- If you want to include the full contents of fields with command line values, select the Allow messages over 2 KB check box. Currently this applies only to certain CylanceOPTICS message values. If you do not select this option, command line values in messages are truncated as necessary to keep the size of messages under 2 KB.
- In the IP/Domain field, type the FQDN or IP address of the SIEM solution or syslog server.
- In the Port field, type the port number that you want the SIEM solution or syslog server to listen on for messages. The port number must be between 1 and 65535.
- In the Severity drop-down list, click the severity of the messages that should appear in the SIEM solution or syslog server. This value does not change the messages that are sent to the SIEM solution or syslog server.
- In the Facility drop-down list, click the type of application that is logging the message. This value is used to categorize the messages that are received by the SIEM solution or syslog server.
- If necessary, in the Custom Token field, type the custom token that your organization's log management service (for example, SumoLogic) requires for SIEM or syslog messages.
- Click Test Connection to verify that your settings are correct.
- Click Save.
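As an added example (not part of this guide or of BlackBerry's software), the following Python helper lets a SIEM operator confirm what the settings above produce on the receiving side: it decodes the syslog PRI header into the facility and severity chosen in the console, checks a received message against the 2 KB limit that applies unless Allow messages over 2 KB is selected, and flags listener settings worth re-checking before Test Connection. The sample message is constructed and does not reproduce the real Cylance event format.

```python
import re

# Standard syslog facility and severity names (RFC 5424 section 6.2.1), indexed by code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Console limit unless "Allow messages over 2 KB" is selected.
MAX_DEFAULT_BYTES = 2048

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(message: str):
    """Split the leading <PRI> of a syslog message into (facility, severity) names.
    PRI = facility * 8 + severity, so the console's Facility and Severity choices
    are recoverable from the first few bytes of every received line."""
    m = PRI_RE.match(message)
    if not m:
        raise ValueError("message has no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI {pri} out of range")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def check_message(message: str, allow_over_2kb: bool = False):
    """Describe a received message: facility, severity, byte length, and whether
    that length is consistent with the console's size setting."""
    facility, severity = decode_pri(message)
    size = len(message.encode("utf-8"))
    return {"facility": facility, "severity": severity, "bytes": size,
            "size_ok": allow_over_2kb or size <= MAX_DEFAULT_BYTES}


def validate_listener(port: int, protocol: str, tls: bool):
    """Return a list of problems with the port/protocol/TLS combination."""
    problems = []
    if not 1 <= port <= 65535:
        problems.append("port must be between 1 and 65535")
    if protocol.upper() == "TCP" and not tls:
        problems.append("TCP without TLS/SSL sends events in cleartext")
    return problems


# Constructed sample: local0 (16 * 8) + info (6) = PRI 134. Not a real Cylance event.
SAMPLE = "<134>1 2024-01-01T00:00:00Z host CylancePROTECT - - - constructed sample event"
```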