Forum Discussion
MCAS SIEM Integration - Server question
- Mar 05, 2018
Hello Ed,
The SIEM Agent needs to be installed on a server which will connect to Cloud App Security and then forward the alerts and activities to your SIEM Server.
This server needs to be able to access both the internet and the SIEM Server, no other special requirements (it can be your general IT server for example).
Regards,
Dima.
Dima Donhin So when I have a distributed Splunk environment, for example, I have a Syslog Server, SearchHead, Heavy Forwarder, Indexes, etc. Would the agent go on the Syslog Server?
- Dima Donhin, Dec 23, 2019
Microsoft
Either of them, as long as it has access to both the SYSLOG server (I am assuming this is your SIEM server) and outbound to MCAS URLs.
- SurVir, May 25, 2022
Former Employee
What are the high availability options for setting up the SIEM Agent Server? How do we make sure it is not a single point of failure and can scale?