get logs/API

Hi, I am using the PSB services and I am creating a SOC. we would like to be able to get the information from the PSB into our SOC... is it possible? essentially, we would like to get the AV, update & firewall events. If the PSB cannot send them is it possible to get this information from the workstations? thanks for your help.

Find more posts tagged with

Comments

StevenGE

Thanks. I did not know about this. it is a start... may be I'll be able to send notifications by email than catch them in the SOC... Still hoping for this functionality though...

NickJ

Hi Steven,

It would be great if we could set a syslog server in a PSB profile and have PSB clients pump all the logs straight into a SIEM, but this isn't possible.

The best that is available is the WMI provider, but it doesn't provide anything like the detail you will require for a SOC:

https://help.f-secure.com/product.html#business/psb-portal/2016/en/concept_E55FFF0187A54B79B30637C7983BDCC8-psb-portal-2016-en

Quick Links

All Categories
Recent Posts
Unanswered