SIEM Integration

Enhance threat visibility with Security Information and Event Management (SIEM) integration for automated log forwarding, policy-driven analysis, and API-triggered incident mitigation.

This feature is available in the Premium plan and higher.

SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our API Integration allows SIEM systems to take automated actions, such as blocking users when threats are detected.

Prerequisites

A SIEM system that supports the JSON log format and can receive logs via Syslog (UDP, TCP, or TCP with TLS).

Configuration guide

Please refer to your SIEM system's documentation for details on port/protocol you should use.

Check Enable SIEM Integration, and connect your SIEM system.

Host - Enter your SIEM system's Hostname/IP
Port - Specify the port number used for communication
Protocol - Choose between:
- TCP
  - When using TCP, we strongly recommend enabling encrypted communication via TLS. To enable TLS, upload a valid CA certificate.
- UDP
Data exported to SIEM - Choose from:
- Admin Logs
- Threat Blocker Logs
- Device Posture Check Logs
- Gateway Access Logs

Click Save.

You have now successfully set up the integration between GoodAccess and your SIEM system.

PreviousAcronis Integration NextSSO/SCIM

Last updated 2 months ago

Was this helpful?