Enable SIEM logging

Use the Account > SIEM Storage page of the cloud portal to configure the storage options for SIEM output generated on the Reporting > Account Reports > SIEM Integration page. See Configuring SIEM Storage for details.

The Reporting > Account Reports > SIEM Integration page is used to format reporting data for use by a third-party SIEM tool and to enable generation of the log files.

Note:

The option to export data cannot be set to ON unless a valid storage option has been configured on Account > SIEM Storage.

The option is automatically set to OFF if:

  • Forcepoint storage is enabled but no logs have been downloaded for 30 days.
  • Bring your own storage is enabled but no SIEM data could be forwarded to the active bucket for 14 days.

Multiple emails are sent prior to disabling the export option.
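An added example, not part of the vendor documentation: a scheduled check that warns before either inactivity limit above is reached, so that log export does not stop unnoticed. The storage labels, the five-day warning margin and the timestamp input (taken from your own download job logs or bucket listing) are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Inactivity limits stated on this page, per storage option.
INACTIVITY_LIMIT = {
    "forcepoint": timedelta(days=30),  # no logs downloaded
    "byo": timedelta(days=14),         # no SIEM data forwarded to the active bucket
}

def export_status(storage, activity_times, now, warn_margin=timedelta(days=5)):
    """Return (state, time_left); state is "ok", "warn" or "expired".

    storage: "forcepoint" or "byo" (labels chosen for this example).
    activity_times: ISO 8601 timestamps of successful log downloads
        (Forcepoint storage) or of objects landing in the active bucket
        (bring your own storage), taken from your own job logs or listing.
    """
    limit = INACTIVITY_LIMIT[storage]
    seen = []
    for raw in activity_times:
        ts = datetime.fromisoformat(raw)
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
        if ts <= now:  # skip clock-skewed entries dated in the future
            seen.append(ts)
    if not seen:
        # Assumption: with no recorded activity, report the worst case.
        return ("expired", timedelta(0))
    left = max(seen) + limit - now
    if left <= timedelta(0):
        return ("expired", timedelta(0))
    return ("warn" if left <= warn_margin else "ok", left)

if __name__ == "__main__":
    # Constructed sample data, not taken from a real account.
    now = datetime(2024, 6, 30, 12, 0, tzinfo=timezone.utc)
    downloads = ["2024-06-01T08:00:00+00:00", "2024-06-10T08:00:00+00:00"]
    for storage in ("forcepoint", "byo"):
        state, left = export_status(storage, downloads, now)
        print(f"{storage}: {state}, {left.days} day(s) left")
```

The same last-activity date can be healthy under Forcepoint storage and already past the limit under bring your own storage, which is why the check takes the storage option as input.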

See Exporting data to a third-party SIEM tool in Help for details on formatting the data.