Discovery Log Forwarding
Overview
Discovery logs may be forwarded to Security Information Event Management (SIEM) systems to aggregate all security events into a single management platform.
Valtix also supports viewing security event information directly within the UI, under the Investigate -> Traffic section. The events are categorized and viewable as follows:
| Category | Type | Description |
|---|---|---|
| DNS Logs | DNS_LOG | Correlation of Threat Intelligence with DNS log information gathered from the cloud provider. |
| VPC Logs | VPC_LOG | Correlation of Threat Intelligence with VPC log information gathered from the cloud provider. |
Each of these log categories can be sent to a SIEM by creating a Log Forwarding Profile and attaching it to one or more Cloud Accounts. The SIEMs currently supported by Valtix are:
To forward Discovery Logs to a SIEM, use the steps below:
Create a Profile
- Navigate to Manage -> Profiles -> Log Forwarding
- Click Create
- Fill in the appropriate parameters (refer to the SIEM-specific documentation)
- Click Save
- Associate the Log Profile to the desired Cloud Accounts (refer to Associate Log Profile to Cloud Accounts)
Edit a Profile
- Navigate to Manage -> Profiles -> Log Forwarding
- Check the box next to the Profile you want to Edit
- Click Edit
- Modify the parameters as desired (refer to the SIEM-specific documentation)
- Click Save
View Profile Details
- Navigate to Manage -> Profiles -> Log Forwarding
- Click the link of the Profile whose Details you want to view
- View the Details information
Associate Log Profile to Cloud Accounts
- Navigate to Manage -> Cloud Accounts -> Accounts
- Check the box next to the Cloud Account for which you want to enable Discovery Log Forwarding
- Click Actions -> Update Log Profile
- Select the Log Profile object as the Cloud Logs Forwarding Profile
- Click Save & Continue