Configure SIEM over TCP-TLS

Use these configurations to receive events over TLS from SIEM.

Supported certificate formats are:

• .crt
• .pem with sha256

1. Collect your SIEM CA root and Cloud Connector CA root certificates.
2. To import the Cloud Connector CA root certificate to your customer SIEM server, follow the steps for your OS and device in Install CA Certificate as Trusted Root CA. 
3. To import your SIEM server CA root certificate, execute the following commands on the Cloud Connector machine:

Command for Linux

 $EC_HOME/jre/bin/keytool -import -trustcacerts -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit -alias <custom-aliasname> -import -file  <CA File Path>

Command for Windows

$EC_HOME\jre\bin\keytool.exe -import -trustcacerts -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit -alias <custom-aliasname> -import -file  <CA File Path>

4. Verify that the CA certificates are imported properly. 

Command for Linux

$EC_HOME/jre/bin/keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit

 Command for Windows

$EC_HOME\jre\bin\keytool.exe -list -v -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit

5. Login to MVISION Cloud and go to Settings > Infrastructure > EC Configuration. 
6. Select your Cloud Connector host ID, and go to the SIEM Integration tab. 
7. For SIEM Protocol, select TCP+TLS, and click Save. For details, see EC Config SIEM Integration.
8. Wait for the application context to refresh on Cloud Connector (about 5 minutes.)
9. Restart the SIEM server to receive events over TLS.