Feb 28 2018 09:38 AM
https://docs.microsoft.com/en-us/cloud-app-security/siem
These instructions seem pretty straightforward, but what is this "server" mentioned in the instructions and what is its function?
Is there any minimum build spec I can give my server team to build to?
Integrating with your SIEM is accomplished in three steps:
Mar 05 2018 06:04 AM
Solution
Hello Ed,
The SIEM Agent needs to be installed on a server which will connect to Cloud App Security and then forward the alerts and activities to your SIEM Server.
This server needs to be able to access both the internet and the SIEM Server; there are no other special requirements (it can be your general IT server, for example).
Regards,
Dima.
Dec 18 2019 07:47 AM
@Dima Donhin So when I have a distributed Splunk environment, for example, I have a Syslog Server, SearchHead, Heavy Forwarder, Indexes, etc. Would the agent go on the Syslog Server?
Dec 23 2019 03:45 AM
May 25 2022 06:06 AM