Long Running Integrations as a SIEM Connector Using Syslog

You can implement a long running integration as a SIEM connector using Syslog.

Procedure

  1. Generate and save an access token. For more information, see Creating an Access Token.

  2. Configure the Rsyslog server.

  3. Open the rsyslog.conf file (default location is /etc/rsyslog.conf) and append the following forwarding rule:

    :msg, contains, "Alert" @@<RSYSLOG-SERVER-IP-ADDRESS>:<VALID-AVAILABLE-PORT>

    For example:

    :msg, contains, "Alert" @@127.0.0.1:10515

  4. Save the rsyslog.conf file.

  5. Create a Commvault Security IQ instance in XSOAR as follows. For more information, see Commvault Security IQ.

    1. Specify the Commvault API token.

    2. Specify the Commvault Webservice URL.

    3. Enable the Long Running Instance option.

    4. In Port Mapping, enter the port number used in Step 3 above.

    5. Set Forwarding Rule to Syslog.

  6. Restart the Rsyslog service.

  7. Configure the Syslog server. For more information, see Configuring a Syslog Server.

  8. Add an SIEM connector for the Syslog server. For more information, see Adding an SIEM Connector for a Syslog Server.
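As an added check (example code, not part of the Commvault documentation), the following Python snippet parses the rsyslog forwarding rule from Step 3, confirms it is present in an rsyslog.conf, tests whether a sample message would match the `contains, "Alert"` filter, and probes whether the target host:port (the port mapped in Step 5) accepts TCP connections. `SAMPLE_CONF` and all function names are constructed for this example; the `@@` (TCP) versus `@` (UDP) prefix and the default port 514 follow rsyslog's legacy forwarding syntax.

```python
import re
import socket
from typing import Dict, Optional

# Legacy rsyslog property-based filter plus forwarding action, as in Step 3:
#   :msg, contains, "Alert" @@127.0.0.1:10515
# "@@" forwards over TCP, a single "@" over UDP; the port defaults to 514 if omitted.
RULE_RE = re.compile(r'^:(?P<prop>\w+),\s*(?P<op>\w+),\s*"(?P<needle>[^"]*)"\s+'
                     r'(?P<proto>@@?)(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$')

# Constructed sample of an rsyslog.conf after Step 3 (not a real config file).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none  /var/log/messages
:msg, contains, "Alert" @@127.0.0.1:10515
"""

def parse_rule(line: str) -> Dict[str, object]:
    """Parse one ':<prop>, <op>, "<text>" @host[:port]' line or raise ValueError."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a property-based forwarding rule: {line!r}")
    port = int(m.group("port") or 514)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {"prop": m.group("prop"), "op": m.group("op"), "needle": m.group("needle"),
            "tcp": m.group("proto") == "@@", "host": m.group("host"), "port": port}

def rule_matches(rule: Dict[str, object], message: str) -> bool:
    """Mirror rsyslog's case-sensitive 'contains' test on the msg property."""
    if rule["prop"] != "msg" or rule["op"] != "contains":
        raise NotImplementedError("only ':msg, contains' rules are handled here")
    return rule["needle"] in message

def find_rule(conf_text: str, needle: str = "Alert") -> Optional[Dict[str, object]]:
    """Return the first forwarding rule in rsyslog.conf text that filters on `needle`."""
    for raw in conf_text.splitlines():
        if RULE_RE.match(raw.strip()):
            rule = parse_rule(raw)
            if rule["needle"] == needle:
                return rule
    return None

def listener_reachable(rule: Dict[str, object], timeout: float = 2.0) -> bool:
    # TCP-connect to the rule's target; True if something accepts on that port.
    if not rule["tcp"]:
        return False  # UDP has no handshake, so it cannot be probed this way
    try:
        with socket.create_connection((rule["host"], rule["port"]), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `listener_reachable(find_rule(open("/etc/rsyslog.conf").read()))` on the rsyslog host after Step 6 to confirm the XSOAR instance is accepting on the mapped port before restarting the service.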
