TABLE OF CONTENT
Table of Contents |
---|
OVERVIEW
Forcepoint web protection solutions allow Internet activity logging data and, as of v8.5.4, audit log data to be passed to a third-party SIEM product, like Seceon AI SIEM.
...
Ref. link: https://www.websense.com/content/support/library/web/v85/siem/siem.pdfhttps://docs.splunk.com/Documentation/AddOns/released/WebsenseCG/Setup
STEPS FOR CONFIGURATION
STEP 1: Log in to the FORCEPOINT PROXY server.
STEP 2: Navigate through SETTINGS>>GENERAL>>SIEM INTEGRATION to activate.
STEP 3: Provide the <CCE IP address> or Hostname of the machine hosting the SIEM product, then further provide the communication Port(514) to use for sending SIEM data.
STEP 4: Specify the transport Protocol (TCP/UDP) to use when sending data to the SIEM product.
STEP 5: Click OK to cache your data, changes are not implemented until you click on Save and deploy(THIS OPTION IS ON RIGHT SIDE TOP).
VERIFICATION OF CONFIGURATION
Verification can be done either from UI or from the CCE server.
Using UI
STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.
...
Using CCE SERVER
Login into CCE Server with seceon user and execute the following command.
...