Device Configuration: PIM Arcon

Overview

We are providing you with the steps to integrate your PIM Arcon with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ).

Steps Of Configuration

Step 1. Navigate to Provisioning by clicking on the Provisioning tab located in the top menu bar of the application.

Open

Step 2. Drop down Add on devices by clicking on the downward-facing arrow next to the 'Add on devices' option in the menu.

Open

To add support for PIM Arcon, please follow the steps below:

1. Device: Select 'PIM Arcon' as the device name.

2. Name: Choose any name you like.

3. CCE Host: Enter the IP address of the CCE.

4. If via API -

   1. Access ID/username: Enter the username for the Arcon.

   2. Password/Secret Key: Enter the password for the Arcon.

   3. Enter the following JSON format in the last field the Arcon Host (without https://): {"host": "arcon_host"}

5. Via SQL Database

   1. Access ID/username: Enter the username for the Database User.

   2. Password/Secret Key: Enter the password for the Database Pass.

   3. Enter the following JSON format in the last field the Arcon Database Details: {"pimarcon_host": "database_host", "pimarcon_port": "database_port", "pimarcon_databasename": "database_name", "pimarcon_tablename": "database_table_name"}

6. Click the Save button."

Verification

STEP 1:Log in to UI >> SYSTEM

STEP 2: >> Logs and flows collection status

STEP 3: >>To verify the source device IP from the UI:

• Log in to the user interface

• Navigate to the "SYSTEM" section

• Look for the "SOURCE DEVICE IP"

• Check the IP address that is displayed

• Compare the IP address displayed against the expected source device IP

This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address..