SIEM Integration
Enhance threat visibility with Security Information and Event Management (SIEM) integration for automated log forwarding, policy-driven analysis, and API-triggered incident mitigation.
This feature is available in the Premium plan and higher.
SIEM Integration enables secure and efficient log forwarding to your Security Information and Event Management (SIEM) system for analysis and threat detection. Data is transmitted in 1-minute intervals, ensuring timely delivery and processing. Additionally, our API Integration allows SIEM systems to take automated actions, such as blocking users when threats are detected.
Prerequisites
SIEM system supporting JSON log format
Configuration guide
Refer to your SIEM system's documentation for details on which port and protocol to use.
Log in to the GoodAccess Control Panel, and go to Settings > SIEM.
Check Enable SIEM Integration, and connect your SIEM system.
    Host - Enter your SIEM system's Hostname/IP
    Port - Specify the port number used for communication
    Protocol - Choose between:
        TCP
            When using TCP, we strongly recommend enabling encrypted communication via TLS. To enable TLS, upload a valid CA certificate.
        UDP
    Data exported to SIEM - Choose from:
        Admin Logs
        Threat Blocker Logs
        Device Posture Check Logs
        Gateway Access Logs
Click Save.
You have now successfully set up the integration between GoodAccess and your SIEM system.
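To confirm that events actually arrive before relying on the feed, a throwaway listener can stand in for the SIEM on the configured host and port. The following is an added example, not GoodAccess code: it assumes one JSON object per newline-terminated line over TCP, that the listener's certificate chains to the CA uploaded above, and uses a placeholder port and certificate paths.

```python
import json
import socket
import ssl

MAX_PENDING = 1 << 20  # assumption: drop a peer that sends 1 MiB with no newline

def make_tls_context(cert_file, key_file):
    """TLS server context for the receiving side (file paths are placeholders)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    return ctx

def drain_events(buffer):
    """Split received bytes into (events, rejected, remainder).

    Assumes newline-delimited JSON objects; the trailing partial line is
    handed back so the next recv() can complete it.
    """
    *lines, remainder = buffer.split(b"\n")
    events, rejected = [], []
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        try:
            obj = json.loads(line)
        except ValueError:  # malformed JSON or invalid UTF-8
            rejected.append(line)
            continue
        if isinstance(obj, dict):
            events.append(obj)
        else:
            rejected.append(line)  # valid JSON, but not an event object
    return events, rejected, remainder

def serve(host, port, tls_context=None):
    """Accept one forwarder connection at a time and report what arrives."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            try:
                if tls_context:
                    conn = tls_context.wrap_socket(conn, server_side=True)
                pending = b""
                while chunk := conn.recv(65536):
                    events, rejected, pending = drain_events(pending + chunk)
                    print(peer[0], "events:", len(events), "rejected:", len(rejected))
                    if len(pending) > MAX_PENDING:
                        break  # unbounded line: stop buffering, close the peer
            except OSError as exc:  # includes ssl.SSLError on a failed handshake
                print(peer[0], "connection error:", exc)
            finally:
                conn.close()

if __name__ == "__main__":
    serve("0.0.0.0", 6514, make_tls_context("siem.crt", "siem.key"))
```

A steady count of rejected lines points to a framing or format mismatch between the forwarder and the receiver rather than a network problem.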