Send data to a syslog server

Sergio

Hi everyone, I use WithSecure Elements EDR and EPP for Computers Premium, how can I send data to a syslog server? Thank you.

JamesC

Hi Sergio,

Element EPP for Computers does not have a Syslog support.

We recommend making use of the WMI API.

You can refer to the documentation in the Help Center for more information on how to integrate the RMM with the Elements EPP:

https://help.f-secure.com/product.html#business/psb-portal/latest/en/concept_E55FFF0187A54B79B30637C7983BDCC8-psb-portal-latest-en

Also, the following documentation has a briefing on how to enable WMI on the Elements EPP managed client, and a brief example on how to retrieve the product information using WMI:

https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en

MikaArasola

Hi!

We actually do have the possibility to forward information on detections to a syslog server by using the WithSecure Elements Connector. In this case the clients will not connect to the Syslog server, rather they will forward the events to the Elements backend (visible in Security Events) and the Connector will fetch detections from the backend periodically and forward them to your service.

https://connect.withsecure.com/

While this page mainly talks about forwarding data to SIEM's, it supports basic Syslog and as such works for any Syslog receiver.

The Elements connector supports two modes of operation which can be used independently or together.

• A kind of proxy caching updates delivered to the clients to save bandwidth (soon coming the possibility to work as a full proxy in isolated environments)
• Event forwarding (pulling Security Events from Elements backend and forwarding them to your internal system in Syslog / CEF / LEEF formats

Elements connector is free for EPP / EDR customers