SIEM (Security Information and Event Management) is software that gives you insight into the operation of the network in real time and thus lets you detect current threats. SIEM-class systems collect and analyze information from various sources. Integrating the NACVIEW system with a SIEM-class tool makes the analysis and handling of security events faster and more effective, which significantly increases network security. Below you will find four ways to integrate the two solutions: Syslog frames, access policies, event definitions and the REST API.
The four methods are described below.
To learn how to configure Syslog frame forwarding for authorization, DHCP, VPN and OTP modules, see the Syslog Redirection manual available on www.nacview.com in the Knowledge base tab.
1. Open the NACVIEW system menu and select Access Policies.
2. Click Details for the selected policy, then select Response action from the buttons that appear.
3. Complete the data sharing form, depending on the type of section: HTTP request, Syslog or External Script.
4. Save the values you set, then select Install the list.
1. Open the NACVIEW system menu and select Events definitions.
2. Click Create new.
3. Complete the form with the appropriate data depending on the selected action type: HTTP request, Syslog or External Script.
4. Now save your set values.
To integrate NACVIEW with the SIEM class system using REST API, use the commands available in the API documentation. You can find the documentation by clicking the button located on the main bar of the NACVIEW system, and then the Documentation - API button.