Ruan_Kotze
Advisor

Harmony Endpoint (Cloud Managed) - export events to on-prem SIEM

Hi CheckMates,

As per the subject line - I've got an HE deployment managed via Infinity portal.  The end user wants to ingest the logs via their on-prem syslog server.

What I'm not clear on is how one would go about creating and assigning the certificates required for TLS encryption.

For an on-prem deployment I would just generate the certificates via the process documented in the user guide.  Unfortunately there's a requirement that the log exporter device (i.e. the hosted HE management instance) must have connectivity to the CA server.  To my mind this means that one will not be able to use self-signed certificates?

Would appreciate feedback from anyone who has done a similar setup.

Thanks,
Ruan

0 Kudos
3 Replies
Alex-
Leader

No experience yet with Harmony on Infinity, but the PEM is created with the self-signed CA key and is then imported along with the P12 in the Harmony side. The same CA Key is used to validate the target server so Harmony should be able to self-validate since it has the PEM CA. Otherwise I think the documentation would only warrant the use of public certificate providers and not the OpenSSL commands to run by yourself.

0 Kudos
Ruan_Kotze
Advisor

Thanks Alex, appreciate the feedback. What certificate then would need to be imported on the Syslog host side? Assuming it will not trust the self-signed certificate presented unless the CA cert is also imported there? Think I might have answered my own question :-)

0 Kudos
Alex-
Leader

It's mutual authentication, so the server side will also need the PEM which is used to sign both the client (CP) and server (syslog) certs.

 

0 Kudos
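
The layout described in the replies above (one self-signed CA whose PEM is trusted on both sides, a P12 for the Check Point log exporter, a server certificate for the syslog host), sketched with OpenSSL. This is an added example, not part of the original thread or Check Point's documented procedure; the file names, subject names, lifetimes, key size and P12 password are assumptions.

```shell
#!/bin/sh
# Added example; names, lifetimes and the P12 password are constructed placeholders.

# issue NAME CN EKU [SAN]: create NAME.key and NAME.crt signed by ca.pem/ca.key.
issue() {
    ext="extendedKeyUsage=$3"
    [ -n "$4" ] && ext="$ext
subjectAltName=DNS:$4"
    printf '%s\n' "$ext" > "$1.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 365 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# build_mtls_pki DIR SERVER_HOST CLIENT_NAME P12_PASS
build_mtls_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Self-signed CA. ca.pem is the trust anchor imported on BOTH sides.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Syslog CA" -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    # Syslog server cert: hostname goes in the SAN, usage limited to serverAuth.
    issue server "$2" serverAuth "$2" || exit 1
    # Log exporter (client) cert: usage limited to clientAuth.
    issue client "$3" clientAuth "" || exit 1
    # Client cert and key bundled as PKCS#12 for import on the exporter side.
    openssl pkcs12 -export -inkey client.key -in client.crt \
        -passout "pass:$4" -out client.p12 || exit 1
    chmod 600 ca.key server.key client.key client.p12
)

# chains_to CA_PEM CERT: succeeds only if CERT was signed by that CA.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Running `chains_to ca.pem server.crt` and `chains_to ca.pem client.crt` before importing anything confirms that each side will be able to validate the other with only `ca.pem` in its trust store; `ca.key` stays offline and is imported nowhere.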
