
Send data to a syslog server

Sergio
Sergio W/ Alumni Posts: 1 Security Scout

Hi everyone, I use WithSecure Elements EDR and EPP for Computers Premium. How can I send data to a syslog server? Thank you.

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 489 Moderator
    edited October 2022

    Hi Sergio,

    Elements EPP for Computers does not have Syslog support.

    We recommend making use of the WMI API.

    You can refer to the documentation in the Help Center for more information on how to integrate the RMM with the Elements EPP:

    https://help.f-secure.com/product.html#business/psb-portal/latest/en/concept_E55FFF0187A54B79B30637C7983BDCC8-psb-portal-latest-en

    Also, the following documentation has a briefing on how to enable WMI on the Elements EPP managed client, and a brief example on how to retrieve the product information using WMI:

    https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en

  • MikaArasola
    MikaArasola W/ Partner, W/ Staff, W/ Product Leadership Posts: 67 W/ Staff

    Hi!

    We actually do have the possibility to forward information on detections to a syslog server by using the WithSecure Elements Connector. In this case the clients will not connect to the Syslog server; rather, they will forward the events to the Elements backend (visible in Security Events) and the Connector will fetch detections from the backend periodically and forward them to your service.

    While this page mainly talks about forwarding data to SIEMs, it supports basic Syslog and as such works for any Syslog receiver.

    The Elements Connector supports two modes of operation which can be used independently or together.

    • A kind of proxy caching updates delivered to the clients to save bandwidth (the possibility to work as a full proxy in isolated environments is coming soon)
    • Event forwarding (pulling Security Events from the Elements backend and forwarding them to your internal system in Syslog / CEF / LEEF formats)

    Elements Connector is free for EPP / EDR customers.
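
For the receiving side of the event forwarding described above, here is an added example (not part of the thread and not WithSecure code) that classifies each received line as CEF, LEEF or plain syslog and parses the structured ones. It assumes the standard CEF and LEEF 1.0 layouts; the function names and all sample values are hypothetical.

```python
import re

def _split_header(s, n):
    """Split off the first n '|'-terminated fields, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(s) and len(fields) < n:
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i + 1]); i += 2
        elif s[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(s[i]); i += 1
    return fields, s[i:]

_CEF_KEY = re.compile(r"(?:^|\s)([\w.\-]+)=")
def _cef_extension(ext):
    """CEF key=value pairs; values may contain spaces and escaped characters."""
    hits, out = list(_CEF_KEY.finditer(ext)), {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        value = ext[m.end():end].strip()
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1), value)
    return out

CEF_KEYS = ("version", "vendor", "product", "device_version", "event_class_id", "name", "severity")
LEEF_KEYS = ("version", "vendor", "product", "device_version", "event_id")

def parse_event(line):
    """Classify one received line as CEF, LEEF 1.0 or plain syslog and parse it."""
    m = re.search(r"\b(CEF|LEEF):", line)  # skip any syslog header before the payload
    if m:
        keys = CEF_KEYS if m.group(1) == "CEF" else LEEF_KEYS
        fields, rest = _split_header(line[m.end():], len(keys))
        if len(fields) == len(keys):
            if m.group(1) == "CEF":
                ext = _cef_extension(rest)
            else:  # LEEF 1.0 attributes are tab separated
                ext = dict(kv.split("=", 1) for kv in rest.split("\t") if "=" in kv)
            return {"format": m.group(1), **dict(zip(keys, fields)), "ext": ext}
    return {"format": "syslog", "raw": line}  # unstructured or truncated header: keep raw

# Constructed sample lines with placeholder values, not captured Connector output.
SAMPLES = [
    r"<134>Oct 11 10:00:00 connector01 CEF:0|ExampleVendor|ExampleEPP|1.0|100|Malware \| PUA|7|src=10.0.0.5 msg=file quarantined fname=C:\\Users\\a\\x.exe",
    "<134>Oct 11 10:00:01 connector01 LEEF:1.0|ExampleVendor|ExampleEPP|1.0|100|src=10.0.0.5\tsev=7",
    "<134>Oct 11 10:00:02 connector01 service started",
]
if __name__ == "__main__":
    print(*map(parse_event, SAMPLES), sep="\n")
```

Lines whose CEF or LEEF header is cut short are returned as raw syslog rather than partially parsed, so a truncated detection is kept for review instead of being indexed with wrong fields.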

This discussion has been closed.