How to Configure SIEM Integration in ControlOne

Title

This article discusses how to integrate ControlOne with a third-party Security Information and Event Management (SIEM) application.

Environment

  • Cytracom ControlOne 

Description

ControlOne's SIEM integration lets you connect and send your log data to a third-party SIEM application.

Before you start

  • This feature requires the External SOC/SIEM Integration management Add-on. You can purchase this add-on under Manage Licenses on the Manage Customers page of the Cytracom Partner Portal. 

Figure 1: The SOC-SIEM add-on in the Partner Portal

  • After purchasing the add-on, this feature must be activated for the tenant before setup can occur. To activate the feature, contact Cytracom Technical Support. 
  • You must have Admin permissions for the Cytracom Partner Portal to perform this procedure. 

Procedure

Before performing these steps, contact Cytracom Technical Support. They must manually activate this feature before you can begin. 

1. In the ControlOne Portal, click Admin Settings in the left-hand navigation menu, then navigate to SIEM Integration.

2. Scroll to the SIEM Integration card, then toggle the slider to on.

Figure 2: The Navigation menu

3. In the SIEM Format dropdown, select the desired log format (Syslog, CEF, HTTPS).

Figure 3: The SIEM Integration log format settings

4. In the Choose Protocol dropdown, select the protocol (UDP, TCP). The port field updates automatically to common defaults (e.g., Syslog → 514, HTTPS → 443).

Figure 4: The SIEM Integration network protocol settings

5. In the SIEM Collector Destination section, enter the Destination URL and Target Port for your SIEM collector.

Figure 5: The SIEM Collector Destination & Target port settings

Configuring SIEM Certificate options

You can configure the following advanced options:

Figure 6: SIEM Certificate options

1. Verify SSL Certificates: Toggle ON to validate the SIEM server’s SSL certificate before sending data.

2. Include Custom Certificates: Upload CA certificates in PEM format.

3. Enable mTLS Certificates

  • Toggle ON to enable Mutual TLS

  • Upload:

    • Client Certificate

    • Client Key File

    • (Optional) Client Key File Password

4. Custom HTTP Headers: You can create custom fields that will display in the SIEM app. Click the Manage link to define these optional custom fields.

5. Custom Fields: Click Manage to add metadata fields that display in your SIEM events.

6. SIEM Export Metrics: View counters at the bottom of the card. Use these to confirm logs are flowing correctly.

    • Events generated

    • Events exported

    • Bytes exported
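
A collector-side cross-check for the export counters above, as an added example (not Cytracom code): it deframes a TCP syslog stream, counts events and bytes, and recognizes CEF headers. This article does not state which TCP framing ControlOne uses or how it counts bytes, so both RFC 6587 framings are handled and byte totals should be treated as approximate; all names and the sample data are constructed.

```python
import re

UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")  # CEF escapes header pipes as \|
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "class_id", "name", "severity", "extension")

def deframe_tcp(buf: bytes):
    """Split a TCP syslog stream into messages (RFC 6587 framings).
    Returns (messages, remainder); keep remainder for the next recv()."""
    msgs = []
    while buf:
        m = re.match(rb"(\d+) ", buf)
        if m:  # octet-counting: "<length> <message>"
            n, start = int(m.group(1)), m.end()
            if len(buf) < start + n:
                break  # frame not fully received yet
            msgs.append(buf[start:start + n])
            buf = buf[start + n:]
        else:  # newline-delimited
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break  # no terminator yet
            if line:
                msgs.append(line)
            buf = rest
    return msgs, buf

def parse_cef(text: str):
    """Return the CEF header fields as a dict, or None if not CEF."""
    i = text.find("CEF:")
    parts = UNESCAPED_PIPE.split(text[i + 4:], maxsplit=7) if i >= 0 else []
    if len(parts) < 8:
        return None
    return dict(zip(CEF_FIELDS, (p.replace("\\|", "|") for p in parts)))

def tally(messages):
    """Collector-side counters to compare with the export metrics."""
    t = {"events": 0, "bytes": 0, "cef": 0}
    for m in messages:
        t["events"] += 1
        t["bytes"] += len(m)
        t["cef"] += parse_cef(m.decode("utf-8", "replace")) is not None
    return t

# Constructed sample; framings are mixed only to exercise both paths.
CEF = (b"<134>Jan  1 00:00:00 gw CEF:0|ExampleVendor|ExampleProduct|1.0"
       b"|100|Blocked \\| DNS|5|src=10.0.0.5")
PLAIN = b"<134>Jan  1 00:00:01 gw plain syslog line"
SAMPLE = b"%d " % len(CEF) + CEF + PLAIN + b"\n<134>partial"
```

Over UDP each datagram is one message, so `tally` can be fed the received datagrams directly without deframing.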

Additional resources

Still have questions? Click here to learn how to contact Cytracom Technical Support or open a ticket.
