Versions Compared

Version Old Version 1 New Version Current
Changes made by

Aparna Rr

Aparna Rr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Retain the default Log Level as Information. 

  2. In Advanced Settings, please keep this as is. (For more information please refer attached connect user guide), Tanium Resource Center) Configure the connection source: Select Event (this applies to Tanium Detect only, for all other modules follow same steps, example given below for other modules)
    The connection source determines what data you are sending to the destination. 

  3. Select Match Alerts raw.

...

  • Destination Name: Micro Focus Arcsight.

  • Host: CyberHub IP

  • Protocol: UDP/TCP

  • Port: Based on protocol (Preferred: TCP: 601 UDP: 514)

...

  1. Keep Secure and Trust on First Use checkboxes unchecked.

  2. Keep the Filter Section as is. If you wish you can use Filter to Filter the Logs at source.

  3. Format: Select JSON format. Keep row delimiter and checkboxes default as is.

  4. Click Save 

...

  1. Retain default Log Level as Information. 

  2. In Advanced Settings, please keep this as is. (For more information please refer attached connect user guide, Tanium Resource Center)

  3. In Source and Destination, configure the connection source: 

    Select from drop down (The connection source determines what data you are sending to the destination.)

  4. Configure Destination:

  • Destination Name: Micro Focus Arcsight.

  • Host: CyberHub IP

  • Protocol: UDP/TCP

  • Port: Based on protocol (Preferred: TCP: 601 UDP: 514)

...

  1. Keep Secure and Trust on First Use checkboxes unchecked.

  2. Format: Select JSON format from the drop down. Keep row delimiter and checkboxes default as is.

  3. Click Save.

...

  • Destination - Select SIEM Destination with (via a socket) in the name

  • Destination Name - Create your own

  • Host - CyberHub IP

  • Network Protocol - TCP

  • Port - 6514

  1. Select Secure and Trust on First Use.

...

  1. Format: Select JSON, make sure that Generate Document is not selected

...

  1. In Create Configuration, in Source, select the Saved Question and select the Saved Question Name created earlier for Saved Question.

image-20241211-045825.png

  1. Click Save

Please go through attached document named as "Tanium_device_configuration_guide.pdf" refer, Tanium Resource Center for other module configuration.

...