Install the SIEM Connector for Cloud App Security

Description

Learn how Cloud App Security lets you quickly and easily set up a SIEM connector that provides all security information in one location.

Tag:

Security

The Discussion

  • Hiren Vora

    We are using the MCAS tool and our SIEM is on-premises. We went through the SIEM agent configuration and pointed it to the public IP of the SIEM. We would like to know if the agent is going to pull or push alert info from the MCAS portal. If the information comes inbound, then do we need to open ports on our firewall?

  • Steve

    I'd like to send the full JSON events to our SIEM, or at a minimum to be able to choose what fields to send. There is not enough detail in the logs.

  • Mike Kassis

    Hi Steve,

    CEF format has a character limit, so there are restrictions on how much can be pulled and sent over that protocol. If you want all the metadata for activities and alerts, you can retrieve the full JSON by leveraging the exposed REST APIs for Activities and Alerts. API documentation can be found by clicking the '?' icon in the portal and selecting "API Documentation".

    Hope this helps.
    Mike
