The platform logs all operations in detail and can transmit a copy of them to SIEM products in real time. Once integrated, you can observe user behavior, create alerts, and take action, or pull logs for auditing purposes.
ℹ️ You must be a system user and assigned the Company Admin role before continuing.
🔢 Steps to follow:
- Sign into the Living Security Phish Dashboard.
- Expand the Company dropdown.
- Click Company Settings.
- In the new menu click SIEM Integrations.
- Now click CREATE A NEW SIEM INTEGRATION.
- In the Wizard that pops up, name your SIEM Integration.
- Check or uncheck the box for History Logs depending on your preference.
- Choose your SIEM under integration type.
ℹ️ Currently, Splunk is the only integration type we support, but we are planning to integrate more. In the meantime, you can use the REST API to manage and view audit logs.
- Enter your SIEM Server URL (for example, https://prd-p-op170.splunkcloud.com:8088) and SIEM authentication token.
- Test the connection now and save it to establish your SIEM integration. If the connection test fails, check your server URL and authentication token.
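A pre-flight check for the server URL and token entered above, as an added example that is not Living Security's code. It assumes the Splunk integration targets Splunk's HTTP Event Collector (HEC), which the article does not state but the 8088 port in its example URL suggests; the function names and the marker event text are hypothetical.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Splunk HEC reply codes that mean the token, not the URL, is the problem.
TOKEN_CODES = {1: "token disabled", 2: "token missing",
               3: "bad Authorization header", 4: "invalid token"}

def check_server_url(url):
    """Return problems with the SIEM Server URL; an empty list means it looks fine."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port
    except ValueError:
        return ["URL or port is malformed"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https, so the token would cross the network unencrypted")
    if not parts.hostname:
        problems.append("host name is missing")
    if port is None:
        problems.append("port is missing (the article's example uses 8088)")
    return problems

def diagnose(status, body):
    """Turn an HEC HTTP reply into a hint about which field to recheck."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        code = None
    if status == 200 and code == 0:
        return "ok"
    if code in TOKEN_CODES:
        return "token: " + TOKEN_CODES[code]
    if status == 404:
        return "url: HEC endpoint not found, check host and port"
    return f"other: HTTP {status}, HEC code {code}"

def send_test_event(url, token, timeout=10):
    """POST one marker event (it is indexed in Splunk). TLS verification stays on."""
    req = urllib.request.Request(
        url.rstrip("/") + "/services/collector/event",
        data=json.dumps({"event": "siem-integration-preflight"}).encode(),
        headers={"Authorization": "Splunk " + token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return diagnose(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return diagnose(err.code, err.read().decode())
    except OSError as err:
        return f"url: cannot connect ({err})"
```

Run `check_server_url` first, then `send_test_event` from a host that can reach your Splunk instance; pass the token from an environment variable or secret store rather than typing it on the command line.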
Questions? Please contact email@example.com