Title
This article discusses how to integrate ControlOne with a third-party Security Information and Event Management (SIEM) application.
Environment
- Cytracom ControlOne
Description
ControlOne's SIEM integration lets you connect and send your syslog data to a third-party SIEM app.
Before you start
- This feature requires the External SOC/SIEM Integration management Add-on. You can purchase this add-on under Manage Licenses on the Manage Customers page of the Cytracom Partner Portal.
Figure 1: The SOC-SIEM add-on in the Partner Portal
- After purchasing the add-on, this feature must be activated for the tenant before setup can occur. To activate the feature, contact Cytracom Technical Support.
- You must have Admin permissions for the Cytracom Partner Portal to perform this procedure.
Procedure
Before performing these steps, contact Cytracom Technical Support. They must manually activate this feature before you can begin.
1. In the ControlOne Portal, click Admin Settings in the left-hand navigation menu.
Figure 2: The Navigation menu
2. Scroll to the SIEM Integration card, then toggle the slider to on.
3. In the SIEM Connector URL field, enter the connection resource (URL, IP address, port number, etc.) you will use to connect to the SIEM app.
Figure 3: The SIEM Integration card
Configuring SIEM integration options
You can configure the following options for exporting syslog data to your SIEM platform:
Figure 4: SIEM Integration options
1. SIEM Format: You can select either HTTPS or Syslog over TLS.
2. SIEM Syslog Collector Destination: Enter the target address for your syslog data.
3. Custom Fields: You can create custom fields that will display in the SIEM app. Click the Manage link in the Custom Fields setting to define these optional custom fields.
4. Advanced Export Settings: You can use these optional delimiters to configure byte encoding and framing.
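The framing and byte-encoding settings must match what your collector expects, or messages will be merged or truncated on arrival. The following is an added example, not Cytracom code: a collector-side check that splits a received byte stream using either of the two framing styles defined in RFC 6587. It assumes the export settings correspond to those styles; the sample messages and the `split_frames` and `frame_octet` names are constructed for illustration.

```python
# Added example: deframe syslog bytes received over TLS/TCP (RFC 6587 styles).
class FramingError(ValueError):
    """Raised when the byte stream matches neither framing style."""

MAX_FRAME = 64 * 1024  # assumed cap so a bad length prefix cannot exhaust memory

def split_frames(buf, encoding="utf-8"):
    """Split received bytes into syslog messages; return (messages, remainder).

    Octet counting (RFC 6587 3.4.1, used by RFC 5425): b"<length> <message>".
    Non-transparent framing (RFC 6587 3.4.2): each message ends with LF.
    remainder holds an incomplete trailing frame for the next socket read.
    """
    messages, pos = [], 0
    while pos < len(buf):
        if buf[pos:pos + 1].isdigit():            # frame starts with a length
            sp = buf.find(b" ", pos, pos + 8)
            if sp == -1:
                if len(buf) - pos >= 8:
                    raise FramingError("length prefix too long or malformed")
                break                             # prefix still arriving
            if not buf[pos:sp].isdigit():
                raise FramingError("non-numeric length prefix")
            length = int(buf[pos:sp])
            if not 0 < length <= MAX_FRAME:
                raise FramingError(f"frame length {length} out of range")
            end = sp + 1 + length                 # length counts bytes, not chars
            if end > len(buf):
                break                             # body still arriving
            frame, pos = buf[sp + 1:end], end
        else:                                     # frame starts with "<PRI>"
            nl = buf.find(b"\n", pos)
            if nl == -1:
                if len(buf) - pos > MAX_FRAME:
                    raise FramingError("no LF within maximum frame size")
                break
            frame, pos = buf[pos:nl], nl + 1
        if not frame.startswith(b"<"):
            raise FramingError("frame does not begin with a syslog PRI field")
        messages.append(frame.decode(encoding, errors="replace"))
    return messages, buf[pos:]

# Constructed sample messages (RFC 5424 layout, hypothetical host and content).
SAMPLE_A = "<134>1 2024-05-01T12:00:00Z gw01 fw - - - allowed tcp/443".encode()
SAMPLE_B = "<131>1 2024-05-01T12:00:01Z gw01 fw - - - denied café-wifi".encode()

def frame_octet(msg):
    return str(len(msg)).encode() + b" " + msg
```

A `FramingError` on the first bytes received usually means the exporter and collector disagree on framing; a non-empty remainder after the connection closes means the final message was cut short.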
Additional resources
Still have questions? Click here to learn how to contact Cytracom Technical Support or open a ticket.