jt-jt
Participant

Harmony Connect log export/integration with SIEM

Hi,

We are looking at a few replacements (SASE, CASB, SIEM) and wondered if there is any way to export the logs from Harmony Connect (I guess in the Infinity portal) to a SIEM such as Microsoft Sentinel?

Many thanks in advance.

JT

0 Kudos
5 Replies
Chris_Atkinson
Employee

Currently, getting your logs streamed to a SIEM is available by submitting a TAC support ticket.
We plan to provide a self-service UI for this configuration (coming soon).
The SIEM will need to accept Syslog, Splunk, CEF or LEEF traffic coming from the AWS-hosted IP addresses (this is where our cloud POPs are located) using the Log Exporter mechanism.

Also suggest keeping your local SE across the request.

CCSM R77/R80/ELITE
0 Kudos
jt-jt
Participant

Thank you, I'll speak to our SE on it.

0 Kudos
Chris_Atkinson
Employee

To update, the UI has since been made available in Global Settings:

HC-syslog.png

CCSM R77/R80/ELITE
dantlitz
Explorer

I see our on-prem MDS supports a LogRhythm format. Is that supported from the Harmony Cloud?

 

0 Kudos
Chris_Atkinson
Employee

You can enquire via an SR; other formats can be set on the backend in some instances.

syslog.png

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/C...

 

CCSM R77/R80/ELITE
0 Kudos