get logs/API

StevenGE · April 2016

Hi, I am using the PSB services and I am creating a SOC. we would like to be able to get the information from the PSB into our SOC... is it possible? essentially, we would like to get the AV, update & firewall events. If the PSB cannot send them is it possible to get this information from the workstations? thanks for your help.

NickJ · April 2016

Hi Steven,

It would be great if we could set a syslog server in a PSB profile and have PSB clients pump all the logs straight into a SIEM, but this isn't possible.

The best that is available is the WMI provider, but it doesn't provide anything like the detail you will require for a SOC:

https://help.f-secure.com/product.html#business/psb-portal/2016/en/concept_E55FFF0187A54B79B30637C7983BDCC8-psb-portal-2016-en

StevenGE · April 2016

Thanks. I did not know about this. it is a start... may be I'll be able to send notifications by email than catch them in the SOC... Still hoping for this functionality though...

get logs/API

Comments

Categories