Layer7 Privileged Access Management

Expand all | Collapse all

SIEM Integration

Jump to Best Answer
  • 1.  SIEM Integration

    Posted 01-24-2018 04:36 AM

    Can CA-PAM be integrated with logrhythm SIEM tool and what all SIEM tools it can be integrated. Does CA-PAM have in build connectors used to parse logs in a format that can be under by different SIEM tools?

     

    ArcSight,

    Q-radar



  • 2.  Re: SIEM Integration
    Best Answer

     
    Posted 01-24-2018 05:14 AM

    The normal way to send events to a SIEM server is via Syslog. I think all decent SIEM systems will be able to receive Syslog messages. The documentation describes how to set up a Remote Syslog Server Configuration. In general, the SIEM system would need to write/implement the parsers

     

    Also, there is a specific PAM integration for Splunk as PAM includes a Splunk Forwarder and can send the data as key/value pairs. Splunk Configuration is also in the documentation.