/
Device Config: Cylance - Syslogs Forwarding

Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Config: Cylance - Syslogs Forwarding

Overview

This document will provide you with the steps to integrate your Cylance Firewall with Seceon SIEM so one can have comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE (Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we will guide you through the steps for log forwarding to our OTM platform.

Before proceeding for configuration make sure that the port 514 is allowed from the firewall.

Steps Of Configuration

Login to the Cylance with admin credential

  1. In Cylance, go to Settings > Application.

2. In the Integrations section, activate the Syslog/SIEM check box.

3. Under Event Types activate the checkboxes for all events.

For other options, make the choices as below:

  • SIEM: "None"

  • Protocol: "UDP"

  • TLS/SSL check box: Unchecked

  • IP/Domain: Enter the IP of the Seceon CCE

  • Port: 514.

  • Severity: "Alert (1)"

  • Facility: "Internal (5)"

Click Save.

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to UI >> SYSTEM

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Using CCE SERVER

sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.

Related content

Device Config: Cylance - Syslogs Forwarding to Seceon CCE
Device Config: Cylance - Syslogs Forwarding to Seceon CCE
More like this
Squid Proxy server logs configuration
Squid Proxy server logs configuration
Read with this
Configuring a remote logging target in Cisco ISE
Configuring a remote logging target in Cisco ISE
More like this
Nxlog Configuration for Windows AD Logs
Nxlog Configuration for Windows AD Logs
Read with this
Configuration of Syslog from Zyxel Firewall
Configuration of Syslog from Zyxel Firewall
More like this
From Source Windows Server
From Source Windows Server
Read with this

Seceon Inc. All rights reserved. https://www.seceon.com