...

  • Early indicators of attack, such as abnormal DNS scans or failed login attempts. 

  • The presence of known threat signatures

  • Behavioral anomalies associated with zero-day attacks, such as atypical communication between assets

  • Engineering operations associated with advanced persistent threat (APT) activity, such as unexpected process value changes

  • Any activity or indicator that meets your custom-defined criteria

Device Information

Entity         | Particulars
Vendor Name    | Claroty
Product Name   | Continuous Threat Detection (CTD)
Type of Device | Hosted

Collection Method

Log Type                            | Ingestion label | Preferred Logging Protocol - Format | Log collection method
Claroty Continuous Threat Detection | CLAROTY_CTD     | Syslog - CEF                        | CyberHub

Port Requirements

Source                              | Destination | Port
Claroty Continuous Threat Detection | CyberHub    | 6514 (TCP)

To facilitate secure communication and align with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding.

...

To configure Syslog from Claroty CTD Server

  1. Log in to the CTD Server with the credentials of a user that has admin access.

  2. Navigate to Settings > Integrations > SIEM Syslog

...

  1. In ADD NEW SYSLOG, uncheck Local, because the logs are being sent to a remote target.

  • The following fields correspond to the reference screenshot:

    • From (Site) – Select one or multiple sites (i.e. CTD Servers)

...


    • Vendor Name - Other

    • Message Contents – Select which level to log - Alerts, Baselines, Events, or Health Monitoring. Default is Alerts.

    • Category – Select ALL.

    • Message Format – Select CEF

    • Server – CyberHub IP Address

    • Port – 6514

    • Protocol

...

    • TLS

      • When TLS is chosen, the Syslog message is sent as an encrypted TCP message in CEF format, with an option to add server authentication by uploading a server certificate. Upload the CyberHub server certificate: without it the connection is encrypted, but CTD does not verify which server it is talking to.

    • System URL – Automatically shows the source URL; this field is not editable

    • Save

...

    • Click Save to commit your entries

...

  1. When Alerts is selected in Message Contents, the screen below appears. Under Category, select All.

...

  1. When Events is selected in Message Contents, the screen below appears. Under Category, select All.

...

  1. When Health Monitoring is selected in Message Contents, the screen below appears. Enter the value for Interval as per your requirement.

...

  1. When Baseline is selected in Message Contents, the screen below appears. The following settings are important:

    1. Protocol: Select the protocol(s) you want to filter for. The drop-down lists the protocols that exist in the specific environment.

    2. Communication Type: Search for the communication types you require, or scroll down and select them from the list.

    3. Access Type: Select from the list of available access types.

...

To configure Syslog from EMC Server

  1. Log in to the EMC with the credentials of a user that has admin access.

  2. Navigate to Settings > Integrations > SIEM Syslog

  3. Click the + to Create New. 

...

  1. Enter the following configuration:

  • To: Uncheck LOCAL because we are sending logs to a remote server

  • From: Select one or multiple CTD sites, or ALL, from which you want to send syslog

  • Vendor name: Select vendor as Other

  • Message Contents – Select Alerts, Baselines, or Events from the drop-down and configure the recommended settings given above under the CTD server configuration.

  • Message Format – Select CEF

  • Server – CyberHub IP Address

  • Port – 6514

  • Protocol – TLS

    • When TLS is chosen, the Syslog message is sent as an encrypted TCP message in CEF format, with an option to add server authentication by uploading a server certificate. Upload the CyberHub server certificate: without it the connection is encrypted, but the EMC does not verify which server it is talking to.

  • System URL – Automatically shows the source URL; this field is not editable and does not need to be configured

  • Save

...

  • Click Save to commit your entries.

...


To Test the Added Syslog Servers

Once the Syslog configuration has been saved, click Send a Test Message to test the Syslog servers that were added, and confirm on the CyberHub side that the message arrives on port 6514 and parses as CEF.
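What the CyberHub should see after the CTD or EMC configuration above, and after the Send a Test Message step, is a syslog line carrying a CEF record: seven pipe-delimited header fields followed by key=value extensions, with pipes, equals signs and backslashes inside values escaped with a backslash. The following is an added example, not Claroty or CyberHub code, that parses such lines and reports the common misconfigurations (Message Format left as something other than CEF, a truncated header, a severity outside the CEF range). The sample lines are constructed placeholders: the vendor and product strings, the device version, the signature IDs and the field values are illustrative and are not captured CTD output, which is why the expected vendor/product are passed in as parameters rather than hard-coded.

```python
"""Parse and sanity-check CEF-over-syslog lines as a receiver would see them
from Claroty CTD.  Added example, not Claroty or CyberHub code.  Only the CEF
framing rules (7 header fields, backslash escapes, key=value extensions) are
the real format; every value in SAMPLE_LINES is a constructed placeholder.
"""
import re

# Optional <PRI>, optional BSD-style "Mon dd hh:mm:ss host", then the CEF record.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s)?"
    r"(?P<cef>CEF:.*)$",
    re.DOTALL,
)
# A key is alphanumerics at line start or after whitespace, directly followed by '='.
# An escaped '\=' inside a value never matches, because '\' is not a key character.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

# Constructed sample input (placeholders, not real CTD output).
SAMPLE_LINES = [
    # a test message as sent by "Send a Test Message"; note the escaped '=' in the value
    "<14>May  3 13:13:07 ctd-site1 CEF:0|Claroty|CTD|1.0|1|Test message|0|msg=Syslog test from site\\=Site1",
    # an alert with an escaped pipe in the Name field and spaces inside msg
    "<12>May  3 13:15:42 ctd-site1 CEF:0|Claroty|CTD|1.0|1001|Known Threat Signature\\|IDS|8|"
    "src=10.10.1.5 dst=10.10.2.20 dpt=502 cs1Label=Category cs1=Security msg=Modbus write to PLC-7 by user\\=operator",
    # what arrives when Message Format was not set to CEF
    "<13>May  3 13:16:00 ctd-site1 Syslog test message in plain text (Message Format not CEF)",
]


def _unescape(s):
    """Undo CEF escaping of '|', '=', backslash, newline and carriage return."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


def split_header(cef):
    """Split the 7 header fields, honouring escaped pipes; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):       # keep the escape pair intact for _unescape
            cur.append(ch); cur.append(cef[i + 1]); i += 2
        elif ch == "|":
            fields.append(_unescape("".join(cur))); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 pipe-delimited fields")
    return fields, cef[i:]


def parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces."""
    keys = list(EXT_KEY_RE.finditer(ext))
    out = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef_line(line):
    """Parse one syslog line into header fields plus the extension dict."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("no CEF: header found in line")
    fields, ext = split_header(m.group("cef"))
    return {
        "pri": int(m.group("pri")) if m.group("pri") else None,
        "host": m.group("host"),
        "version": fields[0][len("CEF:"):],
        "vendor": fields[1], "product": fields[2], "device_version": fields[3],
        "signature_id": fields[4], "name": fields[5], "severity": fields[6],
        "ext": parse_extension(ext),
    }


def check_message(line, expected_vendor, expected_product):
    """Return a list of findings for one received line; an empty list means it passes."""
    try:
        rec = parse_cef_line(line)
    except ValueError as e:
        return [str(e)]
    findings = []
    if rec["version"] != "0":
        findings.append(f"unexpected CEF version {rec['version']!r}")
    if (rec["vendor"], rec["product"]) != (expected_vendor, expected_product):
        findings.append(f"vendor/product {rec['vendor']}/{rec['product']} is not {expected_vendor}/{expected_product}")
    sev = rec["severity"]
    if not (sev.isdigit() and 0 <= int(sev) <= 10) and sev not in ("Low", "Medium", "High", "Very-High"):
        findings.append(f"severity {sev!r} is not 0-10 or a CEF severity word")
    if not rec["ext"]:
        findings.append("extension is empty")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(check_message(line, "Claroty", "CTD") or "OK", "<-", line[:60])
```

Run it against a capture of what reaches the CyberHub listener on 6514/TCP: a line that fails with "no CEF: header found" points at Message Format, a header with too few fields points at truncation in transit, and the vendor/product finding tells you which strings the CTD header actually carries so the expected values can be adjusted.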

...

Integration Parameters

Parameters required from the customer for the integration.

Property   | Default Value                                            | Description
IP Address | Claroty Continuous Threat Detection interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub