SIEM Integration with IDM and IP: Exabeam and McAfee Nitro


Article ID: 217151


Products

CA Identity Suite

Issue/Introduction

We have installed both CA Identity Portal and Identity Manager, and we want to understand how we can integrate them with a SIEM tool.

We are looking for the configuration for forwarding syslog events to a SIEM tool, or whether there is any way specific to both of the tools mentioned above.

 

Specifically, we are looking to integrate with Exabeam and McAfee Nitro.

Environment

CA Identity Manager 14.4
CA Identity Portal 14.4

OS: Windows Server 2019
Application Server: WildFly 15.0.1

Component: Identity Manager and Identity Portal (standalone)

Cause

Is integration possible with Exabeam and McAfee Nitro?

Resolution

Identity Manager and Portal do not have any configuration or integration with SIEM tools. If you are using syslog, you may use applications like Splunk to monitor and analyze the logs. Reviewing further online, it seems McAfee Nitro and Splunk are competing products. I did find some information on the integration between Splunk and Exabeam.

https://www.exabeam.com/wp-content/uploads/2020/07/Exabeam-Splunk-Solution-Brief.pdf

The PDF above is high level, but it seems to be possible.

My recommendation would be to use Splunk and to discuss the Splunk and Exabeam integration with Exabeam. Standalone does not come with a central log server. Please continue to work with your admins to integrate syslog with Splunk or McAfee Nitro and Exabeam. I reviewed further with Virtual Appliance, which does come with the syslog central log server. You can forward to applications like Splunk, but your SIEM will need to review and configure further to create queries to analyze.