Select the SIEM server.
Type
The type of SIEM server.
Type | SIEM server |
---|---|
Splunk | Splunk Cloud to Splunk Enterprise server |
Syslog | Syslog server |
See SIEM requirements for the supported SIEM servers.
Mandatory: Yes
Host
The IP address or hostname of the external SIEM server.
Mandatory: Yes
Port
The port of the SIEM service.
In the Splunk configuration, this port is the "HTTP Event Collector" port.
Mandatory: Yes
Token
A secret authentication token provided by the external SIEM service.
Mandatory: When Type is Splunk.
Transport
The transport mode for connecting to the external SIEM service. Supported values are the following.
- TCP
- UDP
Mandatory: When Type is Syslog.
Syslog Format
The Syslog protocol format for connecting to the external SIEM service. Supported values are the following.
- RFC3164
- RFC5424
Mandatory: When Type is Syslog.
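The two Syslog Format values differ in how each message header is laid out, so the receiving SIEM parser must expect the one selected here. The following added example is not part of the product documentation. It renders one constructed event in both formats and classifies a received line, which helps when checking a capture on the SIEM side. The facility, severity, host name and application name `siemfwd` are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FACILITY_LOCAL0, SEVERITY_INFO = 16, 6  # assumed values, not from the product


def pri(facility: int = FACILITY_LOCAL0, severity: int = SEVERITY_INFO) -> str:
    """PRI header shared by both formats: facility * 8 + severity."""
    return f"<{facility * 8 + severity}>"


def rfc3164(ts: datetime, host: str, tag: str, msg: str) -> str:
    """BSD syslog: no year, no time zone, day of month padded with a space."""
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    return f"{pri()}{stamp} {host} {tag}: {msg}"


def rfc5424(ts: datetime, host: str, app: str, msg: str) -> str:
    """IETF syslog: version 1, RFC 3339 UTC timestamp, '-' for empty fields."""
    utc = ts.astimezone(timezone.utc)
    stamp = utc.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # PROCID, MSGID and STRUCTURED-DATA are left as the nil value "-".
    return f"{pri()}1 {stamp} {host} {app} - - - {msg}"


def detect_format(line: str) -> str:
    """Classify a received line, for example one captured on the receiver."""
    if not line.startswith("<") or ">" not in line[:5]:
        return "unknown"
    prival, rest = line[1:].split(">", 1)
    if not prival.isdigit() or int(prival) > 191:  # 191 = 23 * 8 + 7
        return "unknown"
    if rest[:2] == "1 ":  # RFC 5424 puts VERSION and a space right after PRI
        return "RFC5424"
    if rest[:3] in MONTHS and rest[3:4] == " ":  # RFC 3164 starts with "Mmm "
        return "RFC3164"
    return "unknown"


# Constructed sample event, not real product output.
SAMPLE_TS = datetime(2024, 3, 5, 14, 7, 9, tzinfo=timezone.utc)
SAMPLE_HOST, SAMPLE_APP = "sensor01.example.com", "siemfwd"
SAMPLE_MSG = "constructed test event"

if __name__ == "__main__":
    for render in (rfc3164, rfc5424):
        line = render(SAMPLE_TS, SAMPLE_HOST, SAMPLE_APP, SAMPLE_MSG)
        print(detect_format(line), line)
```
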