Integrating SIEM Agent with Event Manager
Event Manager can be integrated with Powertech SIEM Agent as an Output. Event Manager is a Security Information Event Management (SIEM) solution that gives organizations insights into potential security threats across critical networks through data normalization and threat prioritization, relaying actionable intelligence and enabling proactive vulnerability management. This is possible via a centralized analysis of security data pulled from a variety of systems.
Features include:
- Real-time threat prioritization
- Normalized language for meaningful interpretation
- Integration with third party applications
- Event correlation for in depth forensic analysis
- Logging and customized reporting for regulation compliance
To learn more about Event Manager's capabilities, see Event Manager.
To integrate Powertech SIEM Agent with Event Manager
- In SIEM Agent, set up an Output for the IP address of the Event Manager system. See Configuring Outputs.
-
Configure Event Sources to use the new Output as desired. For example, to forward Events from the security audit journal to Event Manager, add the new Output to the Default Output for the AUDIT Event Source. See Configuring Events and Event Sources.
- In Event Manager, configure an Asset for SIEM Agent. See Adding an Asset in the Event Manager User Guide.