Use these settings to forward incidents to SIEM.
IMPORTANT: You must have the MVISION Cloud Connector user role to configure Cloud Connector. For details, see About User Roles and Access Levels.
IMPORTANT: You must access the MVISION Cloud user interface from the same network that your Cloud Connector is on. Otherwise, you cannot enable the feature or configure settings. An error message displays, "SIEM settings cannot be accessed outside of your company's network. You need to be inside your company's network to turn on the feature."
|SIEM Server Port||Enter the SIEM server port number.|
|SIEM Server Host||Enter the SIEM server hostname.|
Select the SIEM server protocol from the menu:
|Data Export Format Type||Select the data export format type from the menu:|
|Anomaly Export Type||Select the Anomaly export type from the menu:|
|Incident Export Type||Select the Incident export type from the menu:|
|Audit Log Export Type||Select the Audit Log export type from the menu.|
|Anomaly Endpoint Suffix||Enter the suffix for the Anomaly import endpoint from the MVISION Cloud API.|
Click Show Advanced Settings to display the advanced settings.
|Audit Log Job Frequency||Enter the frequency in milliseconds for Audit Log downloads. The default is 14400000 milliseconds. This property is only relevant when Audit Log import is enabled for SIEM.|
|Incident Job Frequency||Enter the frequency in milliseconds for Incident downloads. The default is 14400000 milliseconds. This property is only relevant when Incident import is enabled for SIEM.|
|Anomaly Job Frequency||Enter the frequency in milliseconds for Anomaly downloads. The default is 14400000 milliseconds. This property is only relevant when Anomaly import is enabled for SIEM.|
|Disable SIEM Local Detokenization||Select Yes to disable SIEM local detokenization. Select No to enable.|
|SIEM Escape CSV Type||Select Yes to enable the SIEM escape CSV type. Select No to disable.|
|SIEM Format Type||Select Yes to enable the old SIEM format type. Select No to enable the new SIEM format type.|
|Max Message Length||Enter the maximum message length in bytes.|
|SIEM Incidents Import Limit||Enter the maximum number of SIEM incidents that can be imported.|
|SIEM Audit Log Batch Size||Enter the maximum number of SIEM audit logs that can be imported.|
|Replaceable Keys||Enter the JSON to map SIEM payload keys from MVISION Cloud to your custom keys.|
|Insert Keys||Enter any additional custom keys to be inserted with values as constants, used as part of the SIEM payload.|
|Exclude Keys||Enter any key and its value to be excluded from the data exported to SIEM.|
|Exclude certain messages||Exclude any messages from going to the SIEM, for example, certain messages that contain sensitive data.|
|SIEM Export Max Field Length||Enter the maximum field length in characters so that the data is truncated before it is exported to SIEM. Enter 0 if no truncation is required.|
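
A receiving-side check for the payload settings above (Replaceable Keys, Insert Keys, Exclude Keys, SIEM Export Max Field Length), as an added example that is not MVISION Cloud or Cloud Connector code. It assumes events arrive at the SIEM as flat, newline-delimited JSON objects; the policy layout, key names and sample events are constructed for illustration.

```python
import json

# Hypothetical policy mirroring the settings above; all names and values are constructed.
POLICY = {
    "replaceable_keys": {"incidentId": "event_id"},  # original key -> custom key
    "insert_keys": {"source": "mvc-connector"},      # constants added to each payload
    "exclude_keys": ["userName"],                    # keys that must not reach the SIEM
    "max_field_length": 32,                          # characters; 0 = no truncation
}

def audit_event(event, policy):
    """Return the policy violations found in one received event (a flat dict)."""
    findings = [f"key '{old}' was not renamed to '{new}'"
                for old, new in policy["replaceable_keys"].items() if old in event]
    findings += [f"inserted key '{k}' missing or not '{v}'"
                 for k, v in policy["insert_keys"].items() if event.get(k) != v]
    findings += [f"excluded key '{k}' is present"
                 for k in policy["exclude_keys"] if k in event]
    limit = policy["max_field_length"]
    if limit > 0:  # 0 disables the length check, matching "no truncation"
        findings += [f"field '{k}' has {len(v)} chars (limit {limit})"
                     for k, v in event.items() if isinstance(v, str) and len(v) > limit]
    return findings

def audit_stream(lines, policy):
    """Audit newline-delimited JSON; return {line_number: findings} for failing lines."""
    report = {}
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        ok = isinstance(event, dict)
        findings = audit_event(event, policy) if ok else ["not a JSON object"]
        if findings:
            report[number] = findings
    return report

# Constructed sample of what a SIEM collector might have received.
SAMPLE = [
    '{"event_id": "INC-1", "source": "mvc-connector", "severity": "high"}',
    '{"incidentId": "INC-2", "source": "mvc-connector", "userName": "alice@example.com"}',
    '{"event_id": "INC-3", "source": "mvc-connector", "detail": "' + "x" * 40 + '"}',
    "not json",
]

if __name__ == "__main__":
    print(audit_stream(SAMPLE, POLICY))
```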