How to Collect Syslog Data from Securden EPM for Centralized Activity Tracking and Network Monitoring?

You can collect syslog data from Securden EPM and send it to your SIEM solution for tracking activities, events, and monitoring your network centrally. Securden readily integrates with various SIEM solutions including Splunk, IBM QRadar, Azure Sentinel, LogRhythm, and others. You can follow the steps in this document to configure integration between your SIEM solution and Securden Endpoint Privilege Manager.

How to Integrate SIEM Solutions with Securden EPM?

Event logs from Securden can be sent to SIEM solutions. The logs are sent as Syslog messages to the SIEM tools. All you need to do is configure the Syslog server settings in Securden. You can send events for all activities in Securden to the SIEM tool, or only for specific events.

Navigate to Admin >> Integrations >> Syslog for SIEM and follow the steps below for configuring the syslog server settings in Securden EPM.

Syslog Server Settings

  • Provide a suitable identifier for the Syslog Server along with the server hostname or IP address.

  • Specify the Connection Mode of your Syslog server.

  • Once the connection mode is specified, the port numbers will be filled automatically. You can modify the port number if necessary.

  • You must specify the severity level to associate with the syslog messages sent from EPM.

  • Securden supports RFC5424 and CEF Syslog formats. Specify the desired Syslog format.

  • You have the option to granularly select the events for which syslog messages are sent to the server. If you want to send Syslog messages for all events, select All events. If you want to select specific events, click on Specific Events.

    • Select the privilege management activities for which you want to send syslog messages.

    • Select the user management activities for which you want to send syslog messages.
  • For TCP and UDP connection modes, you have the option to send a copy of the syslog messages as a direct message.

  • Once all the preferences are set, click on Send Test Log (available only for TCP connection mode).
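
To check on the receiving side which format and severity the settings above actually produce, the following added example (not Securden's code) classifies a received line as RFC 5424 or CEF and decodes the syslog PRI value into facility and severity. The sample lines, host name and vendor/product strings are constructed placeholders, and the BSD-style syslog prefix on the CEF line is an assumption about framing.

```python
import re

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
RFC5424_RE = re.compile(
    r"^<\d{1,3}>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<body>.*)$", re.S)
CEF_FIELDS = ["cef_version", "vendor", "product", "device_version",
              "event_class_id", "name", "cef_severity"]

# Constructed sample lines (assumed framing, not captured from Securden EPM).
SAMPLE_RFC5424 = "<134>1 2024-01-15T10:22:31Z epm-host example-app - - - Example event text"
SAMPLE_CEF = ("<132>Jan 15 10:22:31 epm-host CEF:0|ExampleVendor|ExampleProduct|1.0|"
              "100|Example event|5|suser=alice msg=constructed sample")


def decode_pri(line):
    """Split the syslog PRI value into (facility number, severity name)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None, None
    pri = int(m.group(1))
    return pri >> 3, SEVERITY_NAMES[pri & 7]


def parse_event(line):
    """Classify one received line as CEF or RFC 5424 and extract its header."""
    line = line.strip()
    facility, severity = decode_pri(line)
    event = {"format": "unknown", "facility": facility, "severity": severity}
    cef_at = line.find("CEF:")
    if cef_at != -1:
        # The CEF header has 7 pipe-delimited fields; a literal pipe is escaped as \|
        parts = re.split(r"(?<!\\)\|", line[cef_at + 4:], maxsplit=7)
        if len(parts) >= 7:
            event.update(zip(CEF_FIELDS, parts[:7]), format="cef")
            event["extension"] = parts[7] if len(parts) == 8 else ""
            return event
    m = RFC5424_RE.match(line)
    if m:
        event.update(m.groupdict(), format="rfc5424")
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_RFC5424, SAMPLE_CEF):
        print(parse_event(sample))
```

Lines that come back as `unknown`, or with a severity other than the one selected in the settings, point to a format or severity mismatch between the sender configuration and what the SIEM parser expects.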

How to Configure Azure Sentinel Integration with EPM?

You can configure Azure Sentinel Integration with Securden EPM using the steps outlined in this section. Once integrated, the Syslog data sent by Securden EPM will be collected by Azure Sentinel. You will be able to view the data in your Azure Portal.

Navigate to this section for the instructions to set up Azure Sentinel for collecting syslog from Securden EPM.
