SIEM Integration

Enhance threat visibility with Security Information and Event Management (SIEM) integration for automated log forwarding, policy-driven analysis, and API-triggered incident mitigation.

This feature is available in the Premium plan and higher.

SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our API Integration allows SIEM systems to take automated actions, such as blocking users when threats are detected.

Prerequisites

  • A SIEM system that supports the JSON log format and can receive logs via Syslog (UDP, TCP, or TCP with TLS).

Configuration guide

Refer to your SIEM system's documentation for details on which port and protocol to use.

Log in to the GoodAccess Control Panel, and go to Settings > SIEM.

Check Enable SIEM Integration, and connect your SIEM system.

  • Host - Enter your SIEM system's Hostname/IP

  • Port - Specify the port number used for communication

  • Protocol - Choose between:

    • TCP

      • When using TCP, we strongly recommend enabling encrypted communication via TLS. To enable TLS, upload a valid CA certificate.

    • UDP

  • Data exported to SIEM - Choose from:

    • Admin Logs

    • Threat Blocker Logs

    • Device Posture Check Logs

    • Gateway Access Logs

Click Save.

SIEM Integration setup wizard.

You have now successfully set up the integration between GoodAccess and your SIEM system.
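When validating a receiver for the TCP option, the JSON events have to be recovered from the syslog byte stream. The sketch below is an added example, not GoodAccess code; this page does not specify the message framing or field names, so it accepts both RFC 6587 framings and uses constructed sample events with invented fields.

```python
import json

MAX_FRAME = 64 * 1024  # assumed cap so a bogus length prefix cannot exhaust memory

def split_frames(buf: bytes):
    """Split a TCP syslog stream into messages; returns (messages, unparsed_tail)."""
    msgs = []
    while buf:
        if buf[:1].isdigit():                      # octet-counting: b"<len> <msg>"
            head, sep, tail = buf.partition(b" ")
            if not sep:
                break                              # length prefix still arriving
            if not head.isdigit() or int(head) > MAX_FRAME:
                raise ValueError("bad syslog frame length")
            n = int(head)
            if len(tail) < n:
                break                              # message body still arriving
            msgs.append(tail[:n])
            buf = tail[n:]
        else:                                      # newline-terminated message
            line, sep, tail = buf.partition(b"\n")
            if not sep:
                break                              # keep partial line for next read
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            buf = tail
    return msgs, buf

def extract_json(msg: bytes):
    """Return the JSON object that follows the syslog header, or None."""
    text = msg.decode("utf-8", errors="replace")
    start = text.find("{")
    if start < 0:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(text, start)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

# Constructed sample stream: one newline-framed message, one octet-counted
# message, and a truncated third message. Field names are invented.
_M1 = b'<134>1 2024-05-01T10:00:00Z gw1 access - - - {"type": "gateway_access", "user": "alice"}'
_M2 = b'<132>1 2024-05-01T10:00:05Z gw1 threat - - - {"type": "threat_blocker", "domain": "bad.example"}'
SAMPLE = _M1 + b"\n" + str(len(_M2)).encode() + b" " + _M2 + b"<134>1 2024-05-01T10:01:00Z gw1 adm"

def parse_stream(buf: bytes):
    msgs, rest = split_frames(buf)
    return [extract_json(m) for m in msgs], rest
```

The returned tail must be prepended to the next read from the socket so that messages split across TCP segments are not lost.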
