Integrating with third-party SIEM products

Your web protection software can be configured to pass Internet activity (log) data and audit log data (v8.5.4 and v8.5.5) to a third-party SIEM product.

To enable this configuration:

Steps

  1. An instance of Multiplexer is installed with each Policy Server instance in your network.
    In appliance-based deployments, Policy Server runs on the full policy source appliance and all user directory and filtering appliances.
  2. Use the Web > Settings > General > SIEM Integration page of the Security Managert to activate the integration and configure the system to send log data to your SIEM product in the format you specify.
    See Enabling and configuring SIEM integration.

Next steps

Multiplexer can run on supported Windows or Linux platforms, or on Forcepoint appliances and is automatically installed with each Policy Server instance in your deployment.

Configuration for each Multiplexer instance is stored by its Policy Server. This means that you can configure different settings for each Multiplexer instance, if, for example, you use a different SIEM product in different regions.