Skip to main content
McAfee MVISION Cloud

Configure SIEM over TCP-TLS

  1. Last updated
  2. Save as PDF

Supported certificate formats are:

  • .crt
  • .pem with sha256

To configure MVISION Cloud Connector with SIEM over TCP+TLS, use the following steps:

  1. Collect your SIEM CA root and Cloud Connector CA root certificates.
  2. To import the Cloud Connector CA root certificate to your customer SIEM server, follow the steps for your OS and device in Install CA Certificate as Trusted Root CA
  3. To import your SIEM server CA root certificate, execute the following command on the Cloud Connector machine:
 keytool -import -trustcacerts -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit -alias <custom-aliasname> -import -file  <CA File Path>
  1. Verify that the CA certificates are imported properly. 
 keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts
  1. Login to MVISION Cloud and go to Settings > Infrastructure > EC Configuration
  2. Select your Cloud Connector host ID, and go to the SIEM Integration tab. 
  3. For SIEM Protocol, select TCP+TLS, and click Save. For details, see EC Config SIEM Integration.
  4. Wait for the application context to refresh on Cloud Connector (about 5 minutes.)
  5. Restart the SIEM server to receive events over TLS. 
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. There are no recommended articles.
  1. Article type
    Topic
  2. Tags
    This page has no tags.