# Integrating OpManager with SIEM

OpManager integrates with SIEM tools to forward critical network events, audits, access logs, and alerts in real time to the SIEM platform, where they are pushed as syslogs. This integration enables OpManager to function as a centralized solution that collects, analyses, and correlates security and event data to detect threats, support incident response, and maintain network reliability.

## Configure OpManager - SIEM integration

This integration allows OpManager to integrate with a SIEM tool for better security event monitoring. Follow the steps below to set up and configure the integration.

- [Steps to integrate OpManager with SIEM](https://www.manageengine.com/network-monitoring/help/siem-integration.html#how-to-configure)
- [Configure Notification Profiles](https://www.manageengine.com/network-monitoring/help/siem-integration.html#profile)
- [Configuring Notification Templates](https://www.manageengine.com/network-monitoring/help/siem-integration.html#template)

### Steps to integrate OpManager with SIEM

1. Go to **Settings** → **General Settings** → **Integrations** → **SIEM**.
2. Click **Configure**.

![Integrating OpManager with SIEM](https://www.manageengine.com/network-monitoring/help/siem-integration.png)

- Enter the **SIEM Application Name**.
- Enter the Host and Port details, including the **Hostname/IP Address** and **Port Number**.
- **Note:** The syslog format **RFC-5424** is used to forward data.
- Check the **Send Access Logs** checkbox to forward access log files to SIEM.
- Select the required audit modules to forward their logs to SIEM.
- Accept SIEM’s privacy policy and click **Save** to complete the integration with OpManager.

**Note:**

1. UDP/syslog protocol is used for forwarding the logs.
2. Ensure the third-party SIEM tool is configured to listen on the specified UDP port.

### Configuring Notification Profile

You can set up a notification profile to forward alarms to your SIEM platform automatically, based on defined criteria. Follow these steps to configure it:

- Go to **Settings -> Notifications -> Notification profiles**.
- Click **Add** in the top-right corner to add a new notification profile, and select **SIEM -> SIEM(UDP/Syslog)**.

![Integrating OpManager with SIEM](https://www.manageengine.com/network-monitoring/help/images/siem-profile.png)

- Provide inputs for the required parameters, such as Format, Severity, Facility, Description, and variables.
- If you enable the **Structured message** option, provide the required inputs as key-value pairs.
- You can use the **Test Action** option to send a sample syslog message to the configured host and port to verify the configuration.

![Integrating OpManager with SIEM](https://www.manageengine.com/network-monitoring/help/images/siem-profile-01.png)

- Click **Next** to select the [criteria](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#criteria-notifications), [device](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#select-devices), and configuration [time window](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#applying-time-window).
- Click **Save**.

### Configuring Notification Templates

You can create notification templates in OpManager to define how alerts are sent when alarms are triggered, and use them in alarm correlation rules to get notified when specific patterns of events occur.

- Go to **Settings -> Notifications -> Notification templates**.
- Click **Add -> SIEM -> SIEM(UDP/Syslog)** to create a notification template.

![Integrating OpManager with SIEM](https://www.manageengine.com/network-monitoring/help/images/siem-template.png)

- Enter the required parameters, including Template Name, Format, Severity, Facility, Description, and relevant Variables.
- If you enable the Structured Message option, make sure to provide the required key-value pair inputs.
- To verify the template, click **Test Action**.
- Click **Save**.

**Note:** Please refer to the [dynamic variable](https://www.manageengine.com/network-monitoring/help/workflow-variables.html) page for more information on the replaceable tags used in alarm details.
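
To check on the receiving side what **Test Action** delivers, the following added example (not ManageEngine code) listens on a UDP port and parses each datagram as RFC 5424, decoding Facility and Severity from the PRI value and the Structured message key-value pairs. The sample datagram, the `alarm@32473` SD-ID, the host name, and port 5514 are constructed assumptions; substitute the port configured on the SIEM integration page.

```python
import re
import socket

# Header fields defined by RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
# One [SD-ID name="value" ...] element; inside a value only \" \\ and \] are escapes.
SD_ELEMENT = re.compile(r'\[([^ =\]"]+)((?: [^ =\]"]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' ([^ =\]"]+)="((?:\\.|[^"\\\]])*)"')
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Constructed sample datagram (not captured from OpManager).
SAMPLE = (rb'<131>1 2024-05-01T10:15:30Z opm-host OpManager - - '
          rb'[alarm@32473 device="core-sw-01" note="link \"uplink\" down"] Interface down')


def parse_rfc5424(datagram: bytes) -> dict:
    """Parse one UDP syslog datagram; raise ValueError if it is not RFC 5424."""
    text = datagram.decode("utf-8", errors="replace")
    m = HEADER.match(text)
    if not m or int(m.group(1)) > 191 or m.group(2) != "1":
        raise ValueError("not an RFC 5424 message (legacy BSD syslog or truncated?)")
    pri, rest, sd = int(m.group(1)), text[m.end():], {}
    if rest.startswith("-"):          # NILVALUE: no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):
            sd[e.group(1)] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                              for k, v in SD_PARAM.findall(e.group(2))}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    if rest and not rest.startswith(" "):
        raise ValueError("unexpected data after STRUCTURED-DATA")
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": m.group(3), "hostname": m.group(4), "app": m.group(5),
            "structured_data": sd, "msg": rest[1:]}


if __name__ == "__main__":
    # Assumed listener address; use the port entered on the SIEM integration page.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 5514))
    print(parse_rfc5424(SAMPLE))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], parse_rfc5424(data))
        except ValueError as err:
            print(peer[0], "rejected:", err)
```

Datagrams that fail to parse are reported as rejected rather than dropped silently, which makes a sender still emitting a legacy syslog format easy to spot.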