Returning to the SIEM page, you will see the SIEM agent you added. Copy the SIEM agent token and save it for later.Select the Activities you want to export to USM Appliance.Type the IP address of the Syslog Forwarder as the remote syslog host, specify 514 as the port, and UDP as the protocol.In Select your SIEM format, choose Generic CEF.Įxtend Advanced settings and select RFC 3164 as the time format to use. Click Add SIEM agent to start the wizard.In the Office 365 Cloud App Security portal, select Settings > SIEM agents.To configure Office 365 Cloud App Security to send CEF-formatted alerts to USM Appliance
Since unauthorized modification of USM Appliance can lead to instability, you must install the SIEM Agent on a different machine (nicknamed Syslog Forwarder below) and then forward the syslog messages to USM Appliance.īefore you configure the Microsoft Office 365 Cloud App Security integration, you must have the IP address of the Syslog Forwarder and the USM Appliance Sensor. According to the Microsoft documentation, the integration of Office 365 Cloud App Security with a SIEM server requires downloading a SIEM Agent (JAR file) and running it on the server.
0 kommentar(er)
