Forum Discussion

edhealea
Copper Contributor
Feb 28, 2018

MCAS SIEM Integration - Server question

https://docs.microsoft.com/en-us/cloud-app-security/siem

These instructions seem pretty straight forward but what is this "server" mentioned in the instructions and what is its function?

Are there any minimum build specs I can give my server team to build to?

Integrating with your SIEM is accomplished in three steps:

  1. Set it up in the Cloud App Security portal.
  2. Download the JAR file and run it on your "server".
  3. Validate that the SIEM agent is working.

Prerequisites

  • A standard Windows or Linux server (can be a virtual machine).
  • The server must be running Java 8; earlier versions are not supported.
  • Hello Ed,

    The SIEM Agent needs to be installed on a server which will connect to Cloud App Security and then forward the alerts and activities to your SIEM Server.

    This server needs to be able to access both the internet and the SIEM Server; there are no other special requirements (it can be your general IT server, for example).

    Regards,

    Dima.

    • superoit
      Copper Contributor

      Dima Donhin, so when I have a distributed Splunk environment, for example: I have a Syslog Server, SearchHead, Heavy Forwarder, Indexes, etc. Would the agent go on the Syslog Server?

      • Dima Donhin
        Microsoft
        Either of them, as long as it has access to both the SYSLOG server (I am assuming this is your SIEM server) and outbound to the MCAS URLs.
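As an added example (not from the thread, and not Microsoft's own tooling), a bash preflight script for the host that will run the SIEM agent JAR: it checks for Java 8 or newer, then TCP reachability to the syslog/SIEM server and outbound 443 to an MCAS endpoint. The host names and ports are placeholders you substitute from your own environment and tenant documentation.

```shell
#!/usr/bin/env bash
# Preflight for the host that will run the MCAS SIEM agent JAR.
# Placeholders (not from the thread): SIEM_HOST/SIEM_PORT is your syslog or
# SIEM collector, MCAS_HOST is a Cloud App Security endpoint for your tenant.
SIEM_HOST="${SIEM_HOST:-syslog.example.internal}"
SIEM_PORT="${SIEM_PORT:-514}"
MCAS_HOST="${MCAS_HOST:-REPLACE-with-your-MCAS-endpoint}"

# Extract the Java major version from a 'java -version' banner line.
# 'java version "1.8.0_292"' -> 8 ; 'openjdk version "11.0.2"' -> 11
java_major_version() {
  local ver
  ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n1)
  [ -n "$ver" ] || ver=$1
  case "$ver" in
    1.*) printf '%s\n' "$ver" | cut -d. -f2 ;;
    *)   printf '%s\n' "$ver" | cut -d. -f1 | cut -d- -f1 ;;
  esac
}

# Succeed only when the banner reports Java 8 or newer (the agent's minimum).
java_ok() {
  local major
  major=$(java_major_version "$1")
  [ "$major" -ge 8 ] 2>/dev/null
}

# TCP reachability via bash's /dev/tcp with a 5 second cap (needs coreutils timeout).
tcp_reachable() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

run_preflight() {
  local banner rc=0
  banner=$(java -version 2>&1 | head -n1)
  if java_ok "$banner"; then echo "OK   java: $banner"; else echo "FAIL java 8+ required: $banner"; rc=1; fi
  if tcp_reachable "$SIEM_HOST" "$SIEM_PORT"; then echo "OK   SIEM $SIEM_HOST:$SIEM_PORT"; else echo "FAIL SIEM $SIEM_HOST:$SIEM_PORT unreachable"; rc=1; fi
  if tcp_reachable "$MCAS_HOST" 443; then echo "OK   outbound 443 to $MCAS_HOST"; else echo "FAIL outbound 443 to $MCAS_HOST"; rc=1; fi
  return $rc
}

# Live checks run only when invoked as: ./preflight.sh run (the functions can also be sourced).
if [ "${1:-}" = "run" ]; then run_preflight; fi
```

A non-zero exit from `run_preflight` tells you which prerequisite to fix before the agent is deployed.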
