
Discovery Log Forwarding

Overview

Discovery logs may be forwarded to Security Information and Event Management (SIEM) systems to aggregate all security events into a single management platform.

Valtix supports viewing security event information directly within the UI. These events are available under the Investigate -> Traffic section. The events are categorized and viewable as follows:

| Category | Type    | Description                                                                                  |
|----------|---------|----------------------------------------------------------------------------------------------|
| DNS Logs | DNS_LOG | Correlation of Threat Intelligence with DNS log information gathered from the cloud provider. |
| VPC Logs | VPC_LOG | Correlation of Threat Intelligence with VPC log information gathered from the cloud provider. |

Each of the log categories can be sent to a SIEM by creating a Log Forwarding Profile and attaching it to Cloud Accounts. The SIEMs currently supported by Valtix are:

To forward Discovery Logs to a SIEM, use the steps below:

Create a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click Create
  3. Fill in the appropriate parameters (refer to the SIEM-specific documentation)
  4. Click Save
  5. Associate the Log Profile to the desired Cloud Accounts (refer to Associate Log Profile to Cloud Accounts)

Edit a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Check the box next to the Profile you want to Edit
  3. Click Edit
  4. Modify the parameters as desired (refer to the SIEM-specific documentation)
  5. Click Save

View Profile Details

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click the link of the Profile whose Details you want to view
  3. View the Details information

Associate Log Profile to Cloud Accounts

  1. Navigate to Manage -> Cloud Accounts -> Accounts
  2. Check the box next to the Cloud Account for which you want to enable Discovery Log Forwarding
  3. Click Actions -> Update Log Profile
  4. Select the Log Profile object as the Cloud Logs Forwarding Profile
  5. Click Save & Continue