Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Forcepoint Web Security
- Customer Success & Engineering (Unlicensed)
- skadakia
TABLE OF CONTENT
OVERVIEW
Forcepoint web protection solutions allow Internet activity logging data and, as of v8.5.4, audit log data to be passed to a third-party SIEM product, like Seceon AI SIEM.
Use web protection reporting tools or SIEM integration to report on Internet activity when alerts reveal a potential issue.
Ref. link: https://www.websense.com/content/support/library/web/v85/siem/siem.pdf
STEPS FOR CONFIGURATION
STEP 1: Log in to the FORCEPOINT PROXY server.
STEP 2: Navigate through SETTINGS>>GENERAL>>SIEM INTEGRATION to activate.
STEP 3: Provide the <CCE IP address> or Hostname of the machine hosting the SIEM product, then further provide the communication Port(514) to use for sending SIEM data.
STEP 4: Specify the transport Protocol (TCP/UDP) to use when sending data to the SIEM product.
STEP 5: Click OK to cache your data, changes are not implemented until you click on Save and deploy(THIS OPTION IS ON RIGHT SIDE TOP).
VERIFICATION OF CONFIGURATION
Verification can be done either from UI or from the CCE server.
Using UI
STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS.
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.
Using CCE SERVER
Login into CCE Server with seceon user and execute the following command.
sudo tcpdump -i any host 514 and host <IP address> -AAA
Seceon Inc. All rights reserved. https://www.seceon.com