How to Perform Service Based SIEM Integration? What are Log Formats?
About
What is SIEM Integration?
SIEM (Security Information and Event Management) refers to the process of managing security information and events. Integration with a SIEM system typically involves collecting data from various security sources, analyzing it, detecting incidents, and reporting them within the SIEM platform.
What is Service Based SIEM Integration?
Profiles created on TR7 can be used in one or more services. For SIEM integration, the "Logs" profile, once created, can be assigned to a desired vService, making it ready for use specifically for that vService.
Warning
The created "Logs" profile can be assigned to multiple vServices.
What are Log Formats?
The log format determines how logs are structured when they are sent to the SIEM system. The TR7 device supports 9 log formats:
- Standard Log Format
- Apache Combined Log Format (Standard + Referrer + User Agent)
- Apache VHost Log Format (Vhost + Standard + Referrer + User Agent)
- CEF Format
- TR7 JSON Format
- TR7 WAF Log
- Manual JSON
- Manual CEF
- Manual Log Line Format
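On the receiving side, the SIEM or a collector in front of it has to recognise which of these formats a profile emits. The following added example (not TR7 or vendor code) parses the publicly specified layouts, Apache Common, Combined and VHost lines and CEF with its escaping rules, so that a client-controlled URL or User-Agent cannot forge extra fields. It assumes that "Standard Log Format" corresponds to Apache Common Log Format and that the device emits the standard Apache and CEF layouts; `parse_line`, `SAMPLES` and all sample lines are constructed for illustration.

```python
import re

def _q(name):
    # Quoted field; Apache writes an embedded quote as \" so honour escapes
    return rf'"(?P<{name}>(?:\\.|[^"\\])*)"'

# Apache Common Log Format: host ident user [time] "request" status bytes
# (assumption: this is what the page calls "Standard Log Format")
_COMMON = (r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
           + _q("request") + r' (?P<status>\d{3}) (?P<bytes>\d+|-)')
_COMBINED = _COMMON + " " + _q("referrer") + " " + _q("user_agent")
_APACHE = [
    ("apache_vhost", re.compile(r'(?P<vhost>\S+) ' + _COMBINED)),
    ("apache_combined", re.compile(_COMBINED)),
    ("standard", re.compile(_COMMON)),
]
# CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
_CEF_KEYS = ["cef_version", "vendor", "product", "device_version",
             "signature_id", "name", "severity"]
# Header fields may contain \| and \\, so do not split on raw "|"
_CEF = re.compile(r'CEF:' + r'((?:\\.|[^|\\])*)\|' * 7 + r'(.*)$')
# Extension: key=value pairs; values may hold spaces and an escaped \=
_EXT = re.compile(r'(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)')

def _unescape(value):
    return re.sub(r'\\([|=\\])', r'\1', value)

def parse_line(line):
    """Return a dict of fields plus 'format', or None if unrecognised."""
    line = line.strip()
    for name, pattern in _APACHE:
        m = pattern.fullmatch(line)
        if m:
            return {"format": name, **m.groupdict()}
    m = _CEF.search(line)  # search: a syslog header may precede "CEF:"
    if not m:
        return None
    event = {"format": "cef"}
    event.update(zip(_CEF_KEYS, map(_unescape, m.groups()[:7])))
    event["extension"] = {k: _unescape(v) for k, v in _EXT.findall(m.group(8))}
    return event

# Constructed sample lines (documentation addresses), not device output
SAMPLES = [
    '203.0.113.7 - - [10/Mar/2024:13:55:36 +0300] "GET /login HTTP/1.1" 200 512',
    '203.0.113.7 - alice [10/Mar/2024:13:55:36 +0300] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"',
    'app.example.test 203.0.113.7 - - [10/Mar/2024:13:55:36 +0300] "GET / HTTP/1.1" 403 0 "-" "x \\"y\\""',
    '<134>Mar 10 13:55:36 lb1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Blocked request|7|src=203.0.113.7 request=/a?next\\=/admin msg=rule matched',
]
```

Lines that return `None` are worth counting and alerting on at the collector, since they indicate either a profile whose "Line Format" differs from what the parser expects or malformed input.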
Interface
Log Profile Configuration
Step > 1
Navigate to "Traffic Manager > Profiles > Logs". In the screen that opens, click the Add button.
Step > 2
In the "Log Addresses" section, enter the IP and Port information of the SIEM server(s) to complete the SIEM integration. Multiple servers can be entered.
Step > 3
In the "Line Format" section, select the desired log format to create the log profile.
Step > 4
The created log profile can be assigned to the desired vServices.