Event and log collection options for CloudSOC

Article ID: 279988

Products

CASB Securlet IAAS

Issue/Introduction

What options exist to gather logs from the CloudSOC tenant?

Resolution

CloudSOC offers a set of APIs for polling its events and logs.

Customers can use different tools or agents to poll them.

  1. SIEM Agent (premade Python script offered by Broadcom)
    1. For more information you can look here:
      Send CloudSOC Logs to SIEM Tools
    2. Only collects logs from Investigate, Detect, and History
  2. Custom script (the customer can craft a script to poll them using any preferred scripting tool or language)
    1. For more information you can look here:
      CloudSOC APIs
  3. CloudSOC can push them to a custom bucket as an intermediary stage, and the customer can then configure their tools to poll them from the bucket into their SIEM agent.
    1. For more information you can look here:
      Stream CloudSOC Event Logs to Cloud Buckets
    2. Currently only collects logs from Investigate