Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Configure Syslog Forwarding in Darktrace

Before CCE can start ingesting data from Darktrace, a Darktrace administrator with UI access must configure Darktrace to send syslog to the CCE(Collector).

To configure syslog forwarding in Darktrace:

  1. Log in to Darktrace interface;

  2. Expand top left menu and select Admin, a second menu appears;

  3. Select System Config page

  1. In Alerting section, click on Verify Alert Settings

  2. In JSON Syslog Alerts, set field to True

  3. Set syslog server to CCE Server’s IP address

  4. Set a port 514 UDP to use with the CQ event source

  5. Set JSON Syslog TCP Alerts to True

Ref link: https://docs.rapid7.com/insightidr/darktrace/

  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com