Introduction
Administrators using Forcepoint Web Security Cloud or Forcepoint Email Security Cloud have the option to download reporting data for use by a third-party Security Information and Event Management (SIEM) solution.
Once you have enabled SIEM logging in the Forcepoint Cloud Security Gateway Portal, also referred to as the cloud portal, you can schedule a regular process to download the logs and save them to a location of your choice. Logs stored by Forcepoint are retained in the cloud service for 14 days.
Important: Standard reporting data is retained for 90 days and can be accessed through standard and custom reports; SIEM logs, once enabled, are retained for 14 days.
Follow the steps in the topics below to set up and use SIEM logging:
- Setting up SIEM integration provides step-by-step instructions for setting up SIEM logging in the cloud portal, accessing the log files, and understanding the sample download script.
- Schedule log file download for Forcepoint storage describes the issues you must be aware of when downloading the logs, and how to schedule the download process when Forcepoint storage has been selected.
- File format definition for SIEM logging describes the contents of a log file, with examples.
If you encounter unexpected issues while setting up SIEM logging, see Troubleshooting SIEM logging using Forcepoint storage.