Configure SIEM over TCP-TLS
Supported certificate formats are:
- .crt
- .pem with sha256
To configure MVISION Cloud Connector with SIEM over TCP+TLS, use the following steps:
- Collect your SIEM CA root and Cloud Connector CA root certificates.
- To import the Cloud Connector CA root certificate to your customer SIEM server, follow the steps for your OS and device in Install CA Certificate as Trusted Root CA.
- To import your SIEM server CA root certificate, execute the following command on the Cloud Connector machine:
keytool -import -trustcacerts -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit -alias <custom-aliasname> -import -file <CA File Path>
- Verify that the CA certificates are imported properly.
keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts
- Login to MVISION Cloud and go to Settings > Infrastructure > EC Configuration.
- Select your Cloud Connector host ID, and go to the SIEM Integration tab.
- For SIEM Protocol, select TCP+TLS, and click Save. For details, see EC Config SIEM Integration.
- Wait for the application context to refresh on Cloud Connector (about 5 minutes.)
- Restart the SIEM server to receive events over TLS.