This article will give you step by step instructions on how to link your SIEM server solution to SafeConsole.
Benefits and Features:
This feature will allow you to set up alerts for many different events that take place on your SafeConsole server. You can track events and get a notifications via email every time a device is connected, a user logs in, a password is changed, a device resets, and much more.
**Please note that it is recommended to set logging out to DEBUG mode on your SafeConsole server when adding the SIEM feature. This can be done through the SafeConsole configuration tool.**
(Configuration tool example image for the recommendation note above)
1. After your SPLUNK SIEM server is set up and deployed, you will need to set up the new Input.
a. Log into your server through the GUI interface
b. Select [SETTINGS] in the navigation menu
c. Select [ADD DATA] in the drop down menu
2. Now you will need to set up the "Monitoring" Settings.
a. Select the [MONITOR] option
3. Configure your settings.
a. Select [HTTP Event Collector]
b. Input the name of your SafeConsole Server
c. Select [NEXT]
4. Confirm the Input Settings.
a. Add or remove desired Indexes
a. Select the [REVIEW] button
5. Confirm your monitoring settings.
a. Select the [SUBMIT] button
6. Your token will be created.
a.Copy the token value
7. Input the SPLUNK integration settings into SafeConsole
a. Set the system type to [SPLUNK]
b. Type in the server name or IP Address (HTTPS is recommended)
c. Input the port number of the SPLUNK server (8080 by default)
d. Paste in the token you copied from the SPLUNK GUI
You are now able to track SafeConsole data inside of your SPLUNK SIEM Solution.