Version

Cb Defense (formerly Confer) - All

Topic

This document provides information on how to set up a Connector to a SIEM

Steps

1. In the UI, browse to the Connectors page.
2. Click on Download to find the installation guide and installation files.
3. Download the respective installation file.

If any customization is required or there are any questions, please contact Technical Support for assistance.

The basic workflow of a connector post installation and configuration is:

1. Connector is configured and available. An Alert or Notification is created and the Connector is subscribed to that Alert.
2. The SIEM running the connector script polls the Cb Defense cloud for any available Alerts / Notifications. If there are Alerts that match the defined Alert that is subscribed to the connector, then the cloud presents the syslog messages to the SIEM for download. By design, the Cb Defense Connector does not initiate any syslog transactions.
3. There are a variety of workflows that should be considered when using this functionality within Cb Defense. Some organizations use a SIEM as a warehouse repository for everything that Cb Defense collects and Alerts on. Other configurations send only specific Alerts to a SIEM and other high priority Alerts are sent to specific email addresses.
4. Alerts are not retroactive, so if a change is made to the configuration, Cb Defense will not queue up all past Alerts meeting the new condition for the SIEM to download. Only new Alerts post configuration change will be available.

An updated version of the Cb Defense SIEM: Syslog connector is available at 3-24-17 Cb Defense SIEM Connector