Adding a new SIEM Profile
Create a new profile to connect Forcepoint RBI to a SIEM tool.
Steps
- Sign in to Forcepoint ONE Platform.
- On the upper-right corner of the page, click the Settings icon.
-
Navigate to Integration > SIEM.
-
To add a new SEIM profile, click +Add New Profile.
The Add SIEM Profile pane opens with the following sections.
Field Name Description Profile Details The fields in this section, allow for setting the name and description that will be used to store the profile on the system. Server Connection Details The fields in this section, allow for setting the server connection details for connecting to a SIEM server. Log Details The fields in this section, allow for setting the log format and selecting the events that will be included. -
Under SIEM Profile Details section:
-
Enter the SIEM Name.
Note: The Name is required. The profile cannot be saved without a name.
-
Enter short Description of the profile.
-
Enter the SIEM Name.
-
Under Server Connection Details:
-
For Export Destination, Syslog is the only option and is selected by default.
- In the Syslog Server field, enter the host name or the IP address of the Syslog server. This field is required.
- In the Server Port field, enter the port number of the server. This field is required
-
Select the Transport Protocol. TCP is selected by default.
If TCP is selected, you can also enable or disable TLS. If you enable TLS, select the certificates to be used.
- Click Check Connection to verify that Forcepoint ONE Platform can connect to the Syslog server.
-
For Export Destination, Syslog is the only option and is selected by default.
-
Under Log Details:
-
For Log Format, JSON is the only option and is selected by default.
-
Select the Events that need to be logged.
You can select one or more types of events and add or remove them from this field.
-
For Log Format, JSON is the only option and is selected by default.
-
To create SIEM profile with entered details, click Save.
The SIEM Profiles page displays the newly created SIEM profile