Microsoft Tech Community
SOLVED

ATA Gateway SIEM Integration


Hi,

From my understanding, ATA Gateway can be fed in three different ways:

- Port Mirroring
- SIEM
- WEF

Then, if you are using the Lightweight Gateway, you do not need Port Mirroring or WEF. However, what are the SIEM logs used for? I have read that only specific events can be forwarded from the SIEM to the Gateway, is that correct? What are those events?

Thank you,

Marc

1 Reply
best response confirmed by marc.biessy (Copper Contributor)
Solution

If you are running all Lightweight GWs > 1.8, there is no additional value in incoming SIEM traffic.

ATA will read all the needed events locally.

SIEM has additional value in a standalone GWs scenario, or in older versions of ATA where we did not read events locally.
