Device Configuration-Thycotic PAM
Overview
This document describes the steps to configure Thycotic PAM to send syslog to the Seceon SIEM server, giving you better visibility into threats in your environment.
Steps Of Configuration
Log in to your Thycotic SS platform.
Navigate to Administration > Configuration.
Select the General tab and click on the Edit button.
Check the Enable Syslog/CEF Logging check box. Three additional textboxes or lists appear:
Syslog/CEF Server: IP address or name of the server. (Enter the CCE IP address.)
Syslog/CEF Port: Server port for sent events. (Enter 514 as the port.)
Syslog/CEF Protocol: Select UDP.
Syslog/CEF Time Zone: UTC Time or Server Time, depending on your preference.
Complete or configure those controls.
Click on Save.
Verification
On CCE Server
Log in as the seceon user and run the command below:
sudo tcpdump -i any port 514 and host <PAM IP>
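The tcpdump capture only confirms that packets arrive. As an added example (not part of the original article and not Seceon or Thycotic code), the Python below checks that a captured payload is well-formed CEF by splitting the seven header fields and the key=value extension. The sample lines are constructed and use placeholder vendor and product names, so real events from your PAM server will carry different values.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or end of line,
# and may contain "=" only in escaped form ("\=").
_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def _split_header(body):
    """Split the 7 pipe-delimited header fields, honouring escaped pipes and backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])    # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER):      # last field had no trailing pipe
        fields.append("".join(cur))
    return fields, body[i:]


def parse_cef(line):
    """Return the CEF header and extension of one syslog line, or None if malformed."""
    start = line.find("CEF:")
    if start < 0:
        return None                    # syslog arrived, but it is not CEF
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER) or not fields[0].isdigit():
        return None                    # truncated or damaged header
    event = dict(zip(HEADER, fields))
    event["extension"] = {k: re.sub(r"\\([=\\])", r"\1", v)
                          for k, v in _EXT.findall(ext)}
    return event


# Constructed sample payloads (placeholder names, not real Thycotic output).
SAMPLES = [
    r"<14>Jan 10 12:00:00 pam01 CEF:0|ExampleVendor|ExamplePAM|1.0|10004|SECRET \| VIEW|2|src=192.0.2.10 suser=alice msg=Viewed secret DB\=prod",
    "<14>Jan 10 12:00:01 pam01 CEF:0|ExampleVendor|ExamplePAM",
    "<14>Jan 10 12:00:02 pam01 plain syslog text",
]
```

To inspect payloads in the capture itself, add tcpdump's `-A` option to the command above and pass a printed line to `parse_cef`.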
On UI
Log in to the UI and navigate to System > Logs Flow Collection screen.
The PAM IP will appear in the Source Device IP column.
Seceon Inc. All rights reserved. https://www.seceon.com