SIEM Integration

The 'SIEM Integration' option allows you to forward data from ADSelfService Plus to an external SIEM product or to a Syslog server in real time.

Forwarding ADSelfService Plus data to a Syslog Server

Syslog is the event logging service in Unix systems. You may also use this setting to forward data to your SIEM's UDP or TCP receiver.

Configuring a Syslog Server:

Steps to enable Syslog logging in ADSelfService Plus:
  1. Click the 'Admin' tab → 'Product Settings' → 'Integration Settings'.
  2. Click the 'Syslog' tile.
  3. Enter the Syslog server name. Ensure that the Syslog server is reachable from the ADSelfService Plus server.
  4. Enter the Syslog port number and protocol.
  5. Choose the Syslog standard and data format required by your SIEM parser.
  6. Click 'Save'.
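
To confirm that the standard chosen in step 5 matches what your SIEM parser expects, you can classify a message captured on the receiver. The following is an added example, not ManageEngine code; it assumes the two common syslog standards (RFC 3164 and RFC 5424), and the sample messages, host name and field names are constructed for illustration.

```python
import re

# PRI is "<N>" with N = facility * 8 + severity (same in RFC 3164 and RFC 5424).
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424: PRI, VERSION "1", space, then an ISO 8601 timestamp or "-".
RFC5424_RE = re.compile(r"^<\d{1,3}>1 (?:-|\d{4}-\d{2}-\d{2}T\S+) ")
# RFC 3164: PRI, then "Mmm dd hh:mm:ss" (single-digit day is space-padded).
RFC3164_RE = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def classify(raw: bytes) -> dict:
    """Identify the syslog standard and decode the PRI of one received message."""
    line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI_RE.match(line)
    # No PRI, or PRI above the maximum of 191: not a valid syslog header.
    if not m or int(m.group(1)) > 191:
        return {"standard": "unknown", "facility": None, "severity": None}
    pri = int(m.group(1))
    if RFC5424_RE.match(line):
        standard = "rfc5424"
    elif RFC3164_RE.match(line):
        standard = "rfc3164"
    else:
        standard = "unknown"
    return {"standard": standard, "facility": pri // 8, "severity": SEVERITIES[pri % 8]}


# Constructed sample messages (not captured from the product).
SAMPLES = [
    b"<134>1 2021-03-04T10:15:30Z adssp01 ADSSP - - - user=jdoe action=reset status=success",
    b"<134>Mar  4 10:15:30 adssp01 ADSSP: user=jdoe action=reset status=success",
    b"user=jdoe action=reset status=success",  # raw payload with no syslog header
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

A result of "unknown" for messages arriving at the receiver indicates that the header does not match either standard, which is the usual reason a SIEM parser drops or misfiles forwarded events.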

Forwarding ADSelfService Plus data to an external SIEM product: Splunk HTTP

Configuring the Splunk HTTP Event Collector:
Steps to enable Splunk logging in ADSelfService Plus:
  1. Click the 'Admin' tab → 'Product Settings' → 'Integration Settings'.
  2. Click the 'Splunk' tile.
  3. Enter the Splunk server name. Ensure that the Splunk server is reachable from the ADSelfService Plus server.
  4. Enter the Splunk HTTP Event Collector port number and protocol.
  5. Specify the HTTP Event Collector token generated in Splunk for ADSelfService Plus.
  6. Click 'Save'.

To search for ADSelfService Plus data in your SIEM product

The forwarded ADSelfService Plus events can be searched, grouped into reports and categorized as needed in your SIEM product.


Copyright © 2021, ZOHO Corp. All Rights Reserved.