Sending logs to SIEM Product


Article ID: 102332


Updated On:

Products

CA Compliance Event Manager

Issue/Introduction



Is it possible to filter security event data before sending it to a SIEM product such as Splunk?

Environment

Release:
Component: CEVM

Resolution

Security event data can be filtered by the Policy Statement Event Selections and Test Conditions. In addition, the Compliance Event Manager SIEM Policy Actions let you select which security event data is sent to a SIEM application such as Splunk. Once the Policy event selection criteria and the SIEM Policy Action are set up to select the security event data to be sent to the SIEM application, no further filtering can be done.