SIEM Integration
Enhance threat visibility with Security Information and Event Management (SIEM) integration for automated log forwarding, policy-driven analysis, and API-triggered incident mitigation.
SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our API allows SIEM systems to take automated actions, such as blocking users when threats are detected.
Prerequisite: a SIEM system that supports the JSON log format.
Check Enable SIEM Integration, and connect your SIEM system:
  Host - Enter your SIEM system's Hostname/IP
  Port - Specify the port number used for communication
  Protocol - Choose between:
    TCP
      When using TCP, we strongly recommend enabling encrypted communication via TLS. To enable TLS, upload a valid CA certificate.
    UDP
  Data exported to SIEM - Choose from:
    Admin Logs
    Threat Blocker Logs
    Device Posture Check Logs
    Gateway Access Logs
Click Save.
You have now successfully set up the integration between GoodAccess and your SIEM system.
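To check the receiving side of a TCP setup like the one above, the following added example (not GoodAccess code) decodes JSON events from a byte stream where one event may be split across several reads. It assumes each event is a JSON object and that events are concatenated or whitespace-separated; the page does not specify the framing, and the `log_type` and `msg` field names in the sample are constructed.

```python
import codecs
import json


class JsonStreamDecoder:
    """Incrementally decode JSON objects from a TCP byte stream.

    TCP has no message boundaries, so one event can span several recv()
    calls and one recv() can carry several events.
    """

    def __init__(self, max_buffer=1_000_000):
        self._utf8 = codecs.getincrementaldecoder("utf-8")(errors="replace")
        self._json = json.JSONDecoder()
        self._buf = ""
        self._max = max_buffer  # bound memory if an object never completes
        self.dropped = 0        # count of discarded garbage/oversized spans

    def feed(self, chunk: bytes) -> list:
        """Add received bytes; return every event that is now complete."""
        self._buf += self._utf8.decode(chunk)  # keeps split multi-byte chars
        events = []
        while True:
            self._buf = self._buf.lstrip()
            if not self._buf:
                break
            if not self._buf.startswith("{"):
                # Not the start of an object: resync at the next '{'.
                nxt = self._buf.find("{")
                self._buf = self._buf[nxt:] if nxt != -1 else ""
                self.dropped += 1
                continue
            try:
                obj, end = self._json.raw_decode(self._buf)
            except json.JSONDecodeError:
                # Incomplete (or malformed) object: wait for more data,
                # but discard it once it exceeds the buffer limit.
                if len(self._buf) > self._max:
                    self._buf = ""
                    self.dropped += 1
                break
            events.append(obj)
            self._buf = self._buf[end:]
        return events


if __name__ == "__main__":
    dec = JsonStreamDecoder()
    # Constructed sample: one event split across two reads, then a second one.
    for part in (b'{"log_type": "admin", "ms', b'g": "login"}\n{"log_type": "gateway"}'):
        print(dec.feed(part))
```

With UDP each datagram arrives whole, so this reassembly is only needed on the TCP path; behind TLS the same decoder is fed the decrypted bytes.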