Go to Settings > Integrations > Security Incidents Feed.
Under SIEM INTEGRATION, check the box for Export system events to the organization's SIEM.
Select your SIEM vendor from the available options for SIEM. If your vendor is not listed, select Other syslog (CEF).
Select the protocol used by your vendor from:
- SSL/TLS (over TCP)
- TCP
- UDP
Enter the IP Address / Hostname of your SIEM. NOTE: The address of your SIEM needs to be reachable from the internet. For on-premise SIEM solutions, provide an externally available IP address for your organization and ensure your internal network is configured to forward the SEP Mobile traffic to the SIEM. See Setting up your network configuration for Symantec Endpoint Protection Mobile to see where the SEP Mobile traffic will come from.
Enter the Port your SIEM uses for communication.
After entering the required information, click Apply Changes.
See Common Event Format (CEF) integration based on security incidents for additional details.
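
A receiver-side check for the Other syslog (CEF) option, added here as an example and not taken from the product documentation or Symantec's code: it parses a received line using the general CEF layout (seven pipe-delimited header fields followed by key=value extensions) so you can confirm that events arriving at the SIEM are well-formed. The sample line, the vendor and product names, and all field values are constructed and do not represent actual SEP Mobile event content.

```python
import re

# General CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity"]
# An extension key starts the string or follows whitespace and ends at an unescaped '='.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields; return (fields, extension)."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])          # unescape \| and \\
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) != 7:
        raise ValueError("incomplete CEF header")
    return parts, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    out, matches = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():(nxt.start() if nxt is not None else len(ext))]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(line):
    """Parse one received syslog line; anything before 'CEF:' is treated as syslog prefix."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker in line")
    fields, ext = _split_header(line[start + 4:].strip())
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample line (not real SEP Mobile output).
SAMPLE = ("<134>Jan  1 00:00:00 sender.example CEF:0|ExampleVendor|Example\\|Product|1.0|100|"
          "Constructed test event|5|src=192.0.2.10 msg=device flagged, reason\\=policy suser=alice")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Feed it lines captured on the port configured above; a `ValueError` means the line is not complete CEF, which usually points to a wrong vendor or protocol selection or to truncation in transit.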