Forcepoint Web Security

OVERVIEW

Forcepoint web protection solutions allow Internet activity logging data and, as of v8.5.4, audit log data to be passed to a third-party SIEM product, such as Seceon AI SIEM.

Use web protection reporting tools or SIEM integration to report on Internet activity when alerts reveal a potential issue.

Ref. link: https://www.websense.com/content/support/library/web/v85/siem/siem.pdf

STEPS FOR CONFIGURATION

STEP 1: Log in to the FORCEPOINT PROXY server.

STEP 2: Navigate to SETTINGS >> GENERAL >> SIEM INTEGRATION to activate the integration.

STEP 3: Provide the <CCE IP address> or hostname of the machine hosting the SIEM product, then provide the communication port (514) to use for sending SIEM data.

STEP 4: Specify the transport Protocol (TCP/UDP) to use when sending data to the SIEM product.

STEP 5: Click OK to cache your changes. Changes are not implemented until you click Save and Deploy (this option is at the top right).

VERIFICATION OF CONFIGURATION

Verification can be done either from UI or from the CCE server.

Using UI

STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: >> Inside SOURCE DEVICE IP, the IP will be reflected.

Using CCE SERVER

Log in to the CCE server as the seceon user and execute the following command.

sudo tcpdump -i any port 514 and host <IP address> -A
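
To make the capture easier to read, the following added example (not part of the original article or of any Seceon or Forcepoint tooling) summarises tcpdump text output and reports whether a given sender is delivering to port 514, and over TCP or UDP as chosen in STEP 4. The script name, the -nn, -l and -c options in the usage comment, and the sample addresses are assumptions; the sample lines are constructed.

```python
"""Summarise `tcpdump -nn` text output for traffic arriving on port 514.

Assumed usage (not from the original article):
  sudo tcpdump -nn -l -c 50 -i any port 514 | python3 check_514.py <IP address>
"""
import re
import sys
from collections import Counter

# Matches the "IP src.sport > dst.dport:" part of a tcpdump -nn line (IPv4 only).
FLOW = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):(.*)")

def summarize(lines, port=514):
    """Count packets sent to `port`, keyed by (source IP, transport)."""
    seen = Counter()
    for line in lines:
        m = FLOW.search(line)
        if not m or int(m.group(4)) != port:
            continue  # not IPv4, or a reply leaving the collector
        # tcpdump prints "Flags [...]" for TCP segments only.
        proto = "tcp" if " Flags [" in m.group(5) else "udp"
        seen[(m.group(1), proto)] += 1
    return seen

def verdict(seen, expected_ip):
    """Return a one-line result for the expected sender."""
    hits = {proto: n for (ip, proto), n in seen.items() if ip == expected_ip}
    if not hits:
        others = sorted({ip for ip, _ in seen})
        return f"no packets from {expected_ip}; senders seen: {others or 'none'}"
    detail = ", ".join(f"{n} {p}" for p, n in sorted(hits.items()))
    return f"{expected_ip} is sending to port 514 ({detail})"

# Constructed sample lines in tcpdump -nn format (documentation addresses).
SAMPLE = [
    "10:15:01.000001 IP 192.0.2.10.41000 > 192.0.2.50.514: SYSLOG local0.info, length: 212",
    "10:15:01.500000 IP 192.0.2.10.41000 > 192.0.2.50.514: SYSLOG local0.info, length: 198",
    "10:15:02.000000 eth0  In  IP 198.51.100.7.52000 > 192.0.2.50.514: Flags [P.], seq 1:90, ack 1, win 229, length 89",
    "10:15:02.000100 eth0  Out IP 192.0.2.50.514 > 198.51.100.7.52000: Flags [.], ack 90, win 227, length 0",
]

if __name__ == "__main__":
    source = sys.stdin if len(sys.argv) > 1 else SAMPLE
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(verdict(summarize(source), target))
```

If the expected sender is missing but other senders appear, recheck the IP address or hostname entered in STEP 3 and confirm that Save and Deploy was clicked in STEP 5.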

 

Seceon Inc. All rights reserved. https://www.seceon.com