Using Forcepoint storage
To get the formatted SIEM data to your network, you can either use the sample Perl script included in the zip file linked at the top of the SIEM integration page, or create a script of your own. The account used to run this script must have “Log Export” permissions (see Running the SIEM log file download script for Forcepoint storage for more information about using the script) but permission to log onto the portal is not required.
If you give this contact only the Log Export permission and nothing else, the user name and password cannot be used to log on to the cloud portal. Although log on permissions are not needed to run the script, the View Reports permission is the minimum permission a user needs to be able to log on.
Minimum permissions should be given to this user. The user password is needed to run the script and is viewable in plain text. For that reason, it is recommended that this user not be one with permissions to modify reports or account policies.
To download the sample script: