To send syslog data that is collected on Web Gateway to Trellix ESM, complete the following high-level steps.
- Import the SIEM rule set from the online rule set library for Web Gateway. Place it as a nested rule set in the default Log Handler rule set.
In the online rule set library, this rule set is available under SIEM (Nitro) Integration.
- In the imported rule set, enable the Send to syslog rule and disable the Send to nitro.log rule.
- Use the File Editor to adapt the rsyslog system file so that the syslog messages written by the Send to syslog rule are forwarded to the Receiver on Trellix ESM.
If you are running multiple Web Gateway appliances in a Central Management cluster, adapt the system file on every appliance within the cluster. The edit is local to the appliance it is made on and is not distributed to the other cluster members.
- On Trellix ESM, configure the Skyhigh Security SIEM Receiver to let Web Gateway be added as a data source.
For more information, see the documentation for Trellix ESM and the Data Source Configuration Guide. The guide is provided in the online rule set library under SIEM (Nitro) Integration.
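The following forwarding rule is an added example of what the adaptation of the rsyslog system file can look like; it is not taken from the Web Gateway documentation or from the rule set library. It assumes that the Send to syslog rule emits its messages with the local5 facility (check the rule's syslog event settings on your appliance and change the selector if it uses a different facility), that the Receiver listens at 10.0.0.5 on port 514, that rsyslog 7 or later is installed on the appliance, and that the file opened in the File Editor is /etc/rsyslog.conf.

```conf
# Added example, not part of the Web Gateway documentation: forward the
# messages produced by the "Send to syslog" rule to the ESM Receiver.
# Assumptions: facility local5 (adjust to what the rule actually uses),
# Receiver at 10.0.0.5:514, rsyslog 7 or later (RainerScript syntax).

# Weak form: plain UDP without a queue. Records are silently dropped
# while the Receiver is unreachable, and whatever rsyslog holds in memory
# is lost when the appliance restarts.
#local5.*   @10.0.0.5:514

# Preferred form: TCP with a disk-assisted queue and unlimited retries,
# so a Receiver outage or a short network failure does not lose records.
if $syslogfacility-text == "local5" then {
    action(
        type="omfwd"
        target="10.0.0.5"
        port="514"
        protocol="tcp"
        queue.type="LinkedList"
        queue.filename="esm_fwd"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
    # Keep the same records out of the local system log. Remove this line
    # if you also want a copy of every record on the appliance itself.
    stop
}
```

The queue file is created under rsyslog's working directory; if the appliance configuration sets none, add `global(workDirectory="/var/lib/rsyslog")` (or another writable directory) above the rule. Whichever transport you choose here must match the one configured for the Web Gateway data source on the Receiver. With shell access to the appliance, `rsyslogd -N1` checks the edited file for syntax errors before rsyslog is restarted, and because the File Editor changes only the local file, the same rule has to be added on every appliance of a Central Management cluster.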