Data that is logged on Web Gateway in syslog log files can be sent to Skyhigh Security Security Manager (Trellix ESM).
The data transfer is controlled by a rule in a rule set that is available in the online rule set library for Web Gateway. The component of Trellix ESM that the data is sent to is the Skyhigh Security SIEM Receiver.
To enable the transfer, you adapt a system file for remote use of syslog data on Web Gateway. The name of this system file is rsyslog (the r in the file name stands for remote). You must also configure the Skyhigh Security SIEM Receiver to let Web Gateway be included as a data source in the Trellix ESM environment.
Version 9.3.2 or a later version of Trellix ESM is required for the data transfer to work.