SIEM logging permissions are available by default. To set up SIEM logging in the cloud portal:
Steps
-
Create a new administrator contact for Forcepoint storage.
We strongly recommend that the log download process has its own user name and password to gain access to the Forcepoint Web Security Cloud service. This keeps the process
separate from your other administration tasks and enables you to establish longer password expiration policies.
-
Enable SIEM logging.
-
Schedule log file download for Forcepoint storage.