Go to Settings > Integrations > Security Incidents Feed.
Under SIEM INTEGRATION, check the box for Export system events to the organization's SIEM.
Select your SIEM vendor from the available options for SIEM. If your vendor is not listed, select Other syslog (CEF).
Select the protocol used by your vendor from:
- SSL/TLS (over TCP)
Enter the IP Address / Hostname of your SIEM. NOTE: The address of your SIEM needs to be reachable from the internet. For on-premise SIEM solutions, provide an externally available IP address for your organization and ensure your internal network is configured to forward the SEP Mobile traffic to the SIEM. See Setting up your network configuration for Symantec Endpoint Protection Mobile to see where the SEP Mobile traffic will come from.
Enter the Port your SIEM uses for communication.
After entering the required information, click Apply Changes.
See Common Event Format (CEF) integration based on security incidents for additional details.
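
To check that events exported with the Other syslog (CEF) option parse cleanly on the receiving side, the following added example (not taken from the SEP Mobile documentation) parses a CEF-over-syslog line in Python. The sample line and its vendor, product and field values are constructed for illustration; the header layout and escape rules follow the general CEF format.

```python
import re

HEADER_FIELDS = ["cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity"]
# An extension key is a word preceded by a space (or line start) and followed by "=".
# An escaped "\=" inside a value never matches, because "\" is not a key character.
EXT_KEY = re.compile(r"(?:^| )([A-Za-z0-9_]+)=")

# Constructed sample line: values are illustrative, not real product output.
SAMPLE = (r"<134>Jan 01 00:00:00 example-host CEF:0|ExampleVendor|Example Product|1.0|100|"
          r"Risky app \| sideloaded|7|src=192.0.2.10 msg=Device flagged, score\=high suser=alice")


def split_header(text):
    # Split the 7 pipe-delimited header fields; "\|" and "\\" are escapes.
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("\\", "|"):
            cur.append(text[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < 7:  # header ended without a trailing pipe (no extension)
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return fields, text[i:]  # remainder is the raw extension string


def parse_cef(line):
    start = line.find("CEF:")  # skip any syslog prefix in front of the CEF payload
    if start < 0:
        raise ValueError("no CEF marker in line")
    fields, ext = split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    keys = list(EXT_KEY.finditer(ext))
    event["extension"] = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        raw = ext[m.end():end]  # a value runs up to the next " key=" and may contain spaces
        event["extension"][m.group(1)] = re.sub(
            r"\\([\\=nr])", lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return event
```

Calling `parse_cef(SAMPLE)` returns the seven header fields plus an `extension` dictionary; lines that raise `ValueError` are worth logging on the receiver, since they indicate truncated or non-CEF traffic on the port.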