Cb Defense: How to configure the Syslog Connector to pull data from Multiple Orgs

Environment

  • Cb Defense Web Console: All Versions
  • Cb Defense Syslog Connector: All Versions

Objective

How to configure a single Cb Defense Syslog Connector to pull data from multiple Organizations.

Resolution

This configuration can be done by modifying the Config File located at /etc/cb/integrations/cb-defense-syslog/cb-defense-syslog.conf.

The Example Config File shows how to configure multiple orgs:

#
# For more than one Cb Defense Server, add another server using the following template including the stanza
#
#[cbdefenseserver2]
#connector_id = F8KF111111
#api_key = WT9T3QDP4UGCK2NS96111111
#server_url = https://server2.yourcompany.com

As an example, for a three-Org configuration with the first server configured at the top of the configuration file, the bottom of the file would look like:

#
# For more than one Cb Defense Server, add another server using the following template including the stanza
#
[cbdefenseserver2]
connector_id = F8KF111111
api_key = WT9T3QDP4UGCK2NS96111111
server_url = https://server2.yourcompany.com

[cbdefenseserver3]
connector_id = B7NH111111
api_key = NMVCDP4UGCK2NS96111111
server_url = https://server3.yourcompany.com
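
Each added stanza puts another org's API key into this file, so a check of the edited file is useful before the connector reads it. The Python check below is an added example, not part of the original article or of the connector's own code; it assumes every per-org stanza name starts with cbdefenseserver, the function names and the https requirement are this example's own, and the sample input is constructed from the article's placeholder values.

```python
import configparser
import os
import stat
from urllib.parse import urlparse

REQUIRED = ("connector_id", "api_key", "server_url")  # keys from the article's template

def check_org_stanzas(text, prefix="cbdefenseserver"):
    """Return problems found in the per-org stanzas (names assumed to start with prefix)."""
    parser = configparser.ConfigParser(interpolation=None)  # strict: rejects duplicates
    try:
        parser.read_string(text)
    except (configparser.DuplicateSectionError, configparser.DuplicateOptionError) as exc:
        # Typical slip: template pasted twice without renaming the stanza.
        return [f"duplicate stanza or key: {exc}"]
    problems, seen = [], {}
    for name in parser.sections():
        if not name.startswith(prefix):
            continue
        sec = parser[name]
        missing = [k for k in REQUIRED if not sec.get(k, "").strip()]
        if missing:
            problems.append(f"[{name}] missing {', '.join(missing)}")
            continue
        url = urlparse(sec["server_url"].strip())
        if url.scheme != "https" or not url.hostname:
            problems.append(f"[{name}] server_url must be an https URL")
        ident = tuple(sec[k].strip() for k in REQUIRED)
        if ident in seen:  # same org configured twice; the key itself is never printed
            problems.append(f"[{name}] repeats the credentials of [{seen[ident]}]")
        seen.setdefault(ident, name)
    return problems

def readable_by_others(path):
    """True if group or other can read the file, which stores API keys in clear text."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample: stanza 3 uses http, stanza 4 is a copy of stanza 2.
STANZA = "[cbdefenseserver{n}]\nconnector_id = {cid}\napi_key = {key}\nserver_url = {url}\n"
SAMPLE = "".join(STANZA.format(n=n, cid=c, key=k, url=u) for n, c, k, u in [
    (2, "F8KF111111", "WT9T3QDP4UGCK2NS96111111", "https://server2.yourcompany.com"),
    (3, "B7NH111111", "NMVCDP4UGCK2NS96111111", "http://server3.yourcompany.com"),
    (4, "F8KF111111", "WT9T3QDP4UGCK2NS96111111", "https://server2.yourcompany.com"),
])

if __name__ == "__main__":
    for problem in check_org_stanzas(SAMPLE):
        print(problem)
```

To check the real file, pass its contents to check_org_stanzas() and its path to readable_by_others().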

Additional Notes

Related Content

Cb Defense: How to configure cb-defense-syslog.conf for SIEM Connectors

Cb Defense: What does a Sample Syslog Output look like?

Cb Defense: Can Authorized IP field be left blank when setting up a new connector?

Cb Defense: What type of IP Addresses can be used for SIEM Connectors?

Creation Date: 06-22-2018