Aug 03 2018
08:21 AM
- last edited on
Nov 30 2021
10:08 AM
by
TechCommunityAP
Aug 03 2018
08:21 AM
- last edited on
Nov 30 2021
10:08 AM
by
TechCommunityAP
Hi,
From my understanding, ATA Gateway can be fed in three different ways:
-Port Mirroring
-SIEM
-WEF
Then, if you are using the lightweight Gateway, you do not need Port Mirroring or WEF, however, what are the SIEM logs used for ? I have read that only specific events can be forwarded from the SIEM to the Gateway, is that correct ? What are those events ?
Thank you,
Marc
Aug 03 2018 12:06 PM
SolutionIf you are running all Lightweight GWs > 1.8 , there is no additional value in incoming SIEM traffic.
ATA will read all the needed events locally.
SIEM has additional value in standalone GWs scenario, or in older version of ATA where we did not read event locally.
Aug 03 2018 12:06 PM
SolutionIf you are running all Lightweight GWs > 1.8 , there is no additional value in incoming SIEM traffic.
ATA will read all the needed events locally.
SIEM has additional value in standalone GWs scenario, or in older version of ATA where we did not read event locally.