Create a new profile to connect Forcepoint RBI to a SIEM tool.
Steps
-
Sign in to Forcepoint ONE Platform.
-
Click the settings icon on the top
. Next, navigate to .
-
Click the +Add New Profile button. Following dialog is displayed:
Table 1. +Add New Profile Fields
| S.No. |
Field Name |
Description |
| 1 |
Profile Details |
The fields in this section, allow for setting the name and description that will be used to store the profile on the system. |
| 2 |
Server Connection Details |
The fields in this section, allow for setting the server connection details for connecting to a SIEM server. |
| 3 |
Log Details |
The fields in this section, allow for setting the log format and selecting the events that will be included. |
-
Under Profile Details section, enter the Name and Description.
Note: The Name is required. The profile cannot be saved without a name.
-
Under Server Connection Details
-
For Export Destination, Syslog is the only option and is selected by default.
-
In the Syslog Server field, enter the host name or the IP address of the Syslog server. This field is required.
-
In the Server Port field, enter the port number of the server. This field is required
-
Select the Transport Protocol. UDP is selected by default. If TCP is selected, you can also enable or disable TLS. If you
enable TLS, select the certificates to be used.
-
Click Check Connection to verify that Forcepoint RBI can connect to the Syslog server.
-
Under Log Details:
-
For Log Format, JSON is the only option and is selected by default.
-
Select the Events that need to be logged. You can select one or more types of events and add or remove them from this field.
-
Click Save.
