
Syslog configuration on Cortex XDR

  1. Select Settings > Configurations > Integrations > External Applications.
  2. In Syslog Servers, click + New Server.
  3. Define the following parameters:
    • Name: for the server profile
    • Destination: IP address or fully qualified domain name (FQDN) of SGBox.
    • Port: number on which to send syslog messages.
    • Facility: Select one of the syslog standard values. The value maps to how your syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
    • Protocol: method of communication with the syslog receiver.
      • TCP: No validation is made on the connection with the syslog receiver. However, if an error occurs with the domain used to make the connection, the Test connection will fail.
      • UDP: No error checking, error correction, or acknowledgment. No validation is done for the connection or when sending data.
      • TCP + SSL: Cortex XDR validates the syslog receiver certificate and uses the certificate signature and public key to encrypt the data sent over the connection.
    • Certificate: The communication between Cortex XDR and the syslog destination can use TLS. In this case, upon connection, Cortex XDR validates that the syslog receiver has a certificate signed by either a trusted root CA or a self-signed certificate. You may need to merge the Root and Intermediate certificates if you receive a certificate error when using a public certificate. If your syslog receiver uses a self-signed CA, upload your self-signed syslog receiver CA. If you only use a trusted root CA, leave the certificate field empty.
      • Note: Up to TLS 1.3 is supported.
      • Make sure the self-signed CA includes your public key.
      • You can ignore certificate errors. For security reasons, this is not recommended. If you choose this option, logs will be forwarded even if the certificate contains errors.
  4. Test the parameters to ensure a valid connection, and click Create when ready.
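
Before selecting TCP + SSL, the certificate chain can be checked from an admin workstation so that ignoring certificate errors is never needed. The following is an added example, not SGBox or Palo Alto Networks code; it assumes the OpenSSL command-line tool is installed, and the function names, file names, host and port are placeholders.

```shell
#!/bin/sh
# Added example: pre-check the CA file to upload in the Certificate field.
# All file names, hosts and ports passed in are placeholders set by the caller.

# build_ca_bundle ROOT_PEM INTERMEDIATE_PEM OUT_PEM
# Merge the intermediate and root CA certificates into one PEM file
# (the merge the Certificate step mentions for public certificates).
build_ca_bundle() {
    : > "$3"
    for f in "$2" "$1"; do    # intermediate first, then root
        # Re-emit each input as clean PEM; fail if it is not a certificate.
        openssl x509 -in "$f" >> "$3" 2>/dev/null || {
            echo "not a PEM certificate: $f" >&2
            rm -f "$3"
            return 2
        }
    done
}

# verify_receiver_cert CA_PEM RECEIVER_CERT_PEM
# Returns 0 only if the receiver certificate chains to a CA in CA_PEM.
verify_receiver_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_live_receiver CA_PEM HOST PORT
# Same check against the running TLS syslog listener (needs network access);
# -verify_return_error aborts the handshake on any chain error.
check_live_receiver() {
    openssl s_client -connect "$2:$3" -CAfile "$1" \
        -verify_return_error </dev/null >/dev/null 2>&1
}
```

If `verify_receiver_cert` fails with the root certificate alone but succeeds with the merged bundle, the bundle is the file to upload.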

For more information visit this link: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Forward-logs-from-Cortex-XDR-to-external-services