SIEM Integration

Enhance threat visibility with Security Information and Event Management (SIEM) integration for automated log forwarding, policy-driven analysis, and API-triggered incident mitigation.


Last updated 1 month ago


This feature is available in the Premium plan and higher.

SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our API Integration allows SIEM systems to take automated actions, such as blocking users when threats are detected.

Prerequisites

  • SIEM system supporting JSON log format

Configuration guide

Please refer to your SIEM system's documentation for details on the port and protocol you should use.

Log in to the GoodAccess Control Panel, and go to Settings > SIEM.

Check Enable SIEM Integration, and connect your SIEM system.

  • Host - Enter your SIEM system's Hostname/IP

  • Port - Specify the port number used for communication

  • Protocol - Choose between:

    • TCP

      • When using TCP, we strongly recommend enabling encrypted communication via TLS. To enable TLS, upload a valid CA certificate.

    • UDP

  • Data exported to SIEM - Choose from:

    • Admin Logs

    • Threat Blocker Logs

    • Device Posture Check Logs

    • Gateway Access Logs

Click Save.

You have now successfully set up the integration between GoodAccess and your SIEM system.

SIEM Integration setup wizard.
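A receiving-side check for the 1-minute forwarding interval described above, as an added example that is not GoodAccess code: it flags exported log categories that go silent, which matters most with UDP, where a lost datagram is not reported back to the sender. The `(received_at, category)` pairs, the function names and the sample times are assumptions; the category names are the export options listed in this guide.

```python
from collections import defaultdict
from datetime import datetime, timedelta

INTERVAL = timedelta(minutes=1)  # forwarding interval stated in this guide
CATEGORIES = ("Admin Logs", "Threat Blocker Logs",
              "Device Posture Check Logs", "Gateway Access Logs")

def find_gaps(arrivals, start, end, max_missed=3):
    """Return (gap_start, gap_end) for each silence longer than
    max_missed forwarding intervals inside [start, end]."""
    limit = INTERVAL * max_missed
    gaps, prev = [], start
    for ts in sorted(t for t in arrivals if start <= t <= end) + [end]:
        if ts - prev > limit:
            gaps.append((prev, ts))
        prev = ts
    return gaps

def audit(batches, start, end, enabled=CATEGORIES, max_missed=3):
    """batches: (received_at, category) pairs as tagged by the collector
    (assumption). Returns {category: gaps} for categories with gaps,
    including enabled categories that never arrived at all."""
    seen = defaultdict(list)
    for received_at, category in batches:
        seen[category].append(received_at)
    report = {}
    for category in enabled:
        gaps = find_gaps(seen[category], start, end, max_missed)
        if gaps:
            report[category] = gaps
    return report

# Constructed sample: a 30-minute window of collector receive times.
START = datetime(2024, 1, 1, 9, 0)
END = START + timedelta(minutes=30)

def sample_batches():
    at = lambda m: START + timedelta(minutes=m)
    gateway = [m for m in range(31) if not 10 < m < 20]   # silent 09:10-09:20
    batches = [(at(m), "Gateway Access Logs") for m in gateway]
    batches += [(at(m), "Threat Blocker Logs") for m in range(31)]
    batches += [(at(m), "Device Posture Check Logs") for m in range(0, 31, 2)]
    return batches                                        # no Admin Logs at all

if __name__ == "__main__":
    for category, gaps in audit(sample_batches(), START, END).items():
        for gap_start, gap_end in gaps:
            print(f"{category}: no data {gap_start:%H:%M}-{gap_end:%H:%M}")
```

The page does not say whether a category with no events still produces traffic, so treat a flagged gap as a prompt to check the integration, and tune `enabled` and `max_missed` per category.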