Skip to content

Log Forwarding - Discovery Logs

Overview

Discovery logs may be forwarded to Security Information Event Management (SIEM) systems to aggregate into a single management platform.

Valtix supports viewing security event information directly within the UI. These events are available under the Investigate -> Traffic section. The events are categorized and viewable as follows:

Category Type Description
DNS Logs DNS_LOG Correlation of Threat Intelligence with DNS Log information gathered from cloud provider
VPC Logs VPC_LOG Correlation of Threat Intelligence with VPC/VNet Flow Log information gathered from cloud provider

Each of the categories can be sent to a SIEM using a Log Forwarding Profile and attaching the Profile to the onboarded Cloud Account. The Log Forwarding destinations currently supported by Valtix are:

To forward Discovery Logs, use the steps below:

Standalone Profile

Create a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click Create
  3. Specify a Profile Name and Description
  4. Specify Type as Standalone
  5. Fill in the appropriate parameters (refer to the SIEM-specific documentation)
  6. Click Save
  7. Associate the Log Profile to the desired Cloud Accounts (refer to Add a Cloud Account Association)

Edit a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Check the box next to the Profile you want to Edit
  3. Click Edit
  4. Modify the parameters as desired (refer to the SIEM-specific documentation)
  5. Click Save

Group Profile

Create a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Click Create
  3. Specify a Profile Name and Description
  4. Specify Type as Group
  5. Add a row for to associate a Standalone Profile
  6. Click Save
  7. Add the desired Gateway Associations (refer to Add a Gateway Association)

Edit a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Check the box next to the Profile you want to Edit
  3. Click Edit
  4. Modify, Add or Remove Standalone Profiles
  5. Click Save

Delete a Profile

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. View the Profile Details to view the Associated CSP Accounts
  3. Remove all Cloud Account Associations (refer to Remove a Cloud Account Association)
  4. Navigate to Manage -> Profiles -> Log Forwarding
  5. Check the box next to the Profile you want to Delete
  6. Click Delete
  7. Confirm the Delete operation by clicking Yes or No

View a Profile Details

  1. Navigate to Manage -> Profiles -> Log Forwarding
  2. Select the Profile link you want to view the Details
  3. View the Details information

Add a Cloud Account Association

  1. Navigate to Manage -> Cloud Accounts -> Accounts
  2. Check the box next the Cloud Account you want to associate the Profile
  3. Click Actions -> Update Log Profile
  4. Select the Log Profile object for Cloud Logs Forwarding Profile
  5. Click Save & Continue

Remove a Cloud Account Association

  1. Navigate to Manage -> Cloud Accounts -> Accounts
  2. Check the box next the Cloud Account you want to de-associate the Profile
  3. Click Actions -> Update Log Profile
  4. For the Cloud Logs Forwarding Profile parameter, click the 'X' next to the Profile to remove it
  5. Click Save & Continue