jt-jt
Participant

Harmony Connect log export/integration with SIEM

Hi,

We are looking at a few replacements (SASE, CASB, SIEM) and wondered if there is any way to export the logs from Harmony Connect (I guess in the Infinity portal) to a SIEM such as Microsoft Sentinel?

Many thanks in advance.

JT

0 Kudos
5 Replies

Currently, getting your logs streamed to a SIEM is available by submitting a TAC support ticket.
We plan to provide a self-service UI for this configuration (coming soon).
The SIEM will need to accept Syslog, Splunk, CEF or LEEF traffic coming from the AWS-hosted IP addresses (this is where our cloud POPs are located) using the Log Exporter mechanism.

Also suggest keeping your local SE across the request.

0 Kudos
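Added example (not part of the thread and not Check Point code): a receiver-side sketch for the requirement in the reply above, checking that a record's sender is on a source allow-list and then parsing the CEF header and extension, including escaped `\|` and `\=`. The allow-list range, the sample record and all function names are constructed for illustration; the thread does not list the exporter's real addresses or field names.

```python
import ipaddress
import re

# Constructed allow-list (documentation range); substitute the exporter's real source IPs.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
HEADER = "version device_vendor device_product device_version event_class_id name severity".split()
_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")  # start of an extension key=value pair
# Constructed sample record: syslog prefix, CEF header with an escaped pipe, extension.
SAMPLE = (r"<134>Jan  1 00:00:00 exporter CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Blocked \| policy|5|src=198.51.100.7 msg=user\=alice denied act=Drop")

def source_allowed(sender_ip, allowed=ALLOWED_SOURCES):
    """True when the sender address falls inside an allow-listed network."""
    return any(ipaddress.ip_address(sender_ip) in net for net in allowed)

def _split_header(body):
    """Split the 7 pipe-delimited header fields, honouring escaped pipes and backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            i += 1                      # skip the backslash, keep the escaped char
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(HEADER):       # record that ends without an extension part
        fields.append("".join(cur))
    return fields, body[i:]

def parse_cef(line):
    """Parse one CEF record (with or without a syslog prefix) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    record = dict(zip(HEADER, fields), extension={})
    hits = list(_KEY.finditer(ext))
    for n, m in enumerate(hits):        # a value runs up to the next key= or end of line
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        record["extension"][m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return record

def accept(sender_ip, line):            # unlisted senders are dropped before parsing
    return parse_cef(line) if source_allowed(sender_ip) else None
```
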
jt-jt
Participant

Thank you, I'll speak to our SE on it.

0 Kudos

To update: the UI has since been made available in Global Settings:

HC-syslog.png

dantlitz
Explorer

I see our on-prem MDS supports a LogRhythm format. Is that supported from the Harmony Cloud?

 

0 Kudos

You can enquire via an SR; other formats can be set on the backend in some instances.

syslog.png

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/C...

 

0 Kudos