Forward Syslogs for Enterprise DLP Audit Logs
What's New in the NetSec Platform


Configure one or more Log Forwarding profiles to forward Enterprise Data Loss Prevention (E-DLP) audit syslogs so that you can manage them and create workflows around them.
Enterprise Data Loss Prevention (E-DLP) provides a 90-day window for all audit logs generated when your security administrators make configuration changes. This can create challenges for security teams that require long-term audit log retention and analysis. Without a way to preserve these critical events, organizations struggle to maintain the comprehensive audit trails necessary for compliance, forensic investigations, and regulatory requirements. You can now create a Log Forwarding profile to automatically forward all of your Enterprise DLP audit logs to your third-party security information and event management (SIEM), security orchestration, automation, and response (SOAR), or other automated ticketing system. This enables your SOC analysts and incident admins to integrate Enterprise DLP into established workflows to effectively triage, review, and resolve changes to your Enterprise DLP configuration that might have resulted in a data security incident. You can configure a single Log Forwarding profile for multiple enforcement points, or you can create a different Log Forwarding profile for each. You can associate the same enforcement channel with multiple Log Forwarding profiles.
Enterprise DLP forwards audit syslogs over a UDP or TCP port, and requires a persistent connection to your SIEM, SOAR, or ticketing system to forward audit syslogs. Enterprise DLP can only forward audit syslogs while successfully connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically continues forwarding your Enterprise DLP audit syslogs to your SIEM, SOAR, or ticketing system after you restore connectivity. However, Enterprise DLP can't forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or ticketing system are disconnected.
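Because audit syslogs generated while the connection is down are never forwarded, the receiving side needs a way to notice that an audit trail has a hole in it. The following added example (not Palo Alto Networks code, and not part of this page) parses received syslog lines and flags any silent stretch longer than a chosen threshold so the SOC can reconcile it against the 90-day window in the Enterprise DLP console. It assumes the receiver writes each forwarded message as an RFC 5424 line; the actual E-DLP audit message format is not given on this page, so the sample lines, host name, app name and message text below are constructed for illustration only.

```python
"""Detect silence gaps in a forwarded audit-syslog stream.

Added example, not Palo Alto Networks code. Assumes the SIEM/collector stores
each forwarded Enterprise DLP audit syslog as an RFC 5424 line. The sample
lines below are constructed (the real E-DLP message format is not documented
on the source page).
"""
import re
from datetime import datetime

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$"
)

# Constructed sample: five audit events with a 45-minute silence between
# the third and fourth, as would happen if the collector was unreachable.
SAMPLE_AUDIT_SYSLOGS = [
    "<134>1 2024-05-01T10:00:00Z edlp-cloud dlp-audit - CFG - admin alice updated data profile PCI-Strict",
    "<134>1 2024-05-01T10:05:30Z edlp-cloud dlp-audit - CFG - admin bob disabled data pattern SSN-Loose",
    "<134>1 2024-05-01T10:12:00Z edlp-cloud dlp-audit - CFG - admin alice changed action to alert for profile PCI-Strict",
    "<134>1 2024-05-01T10:57:00Z edlp-cloud dlp-audit - CFG - admin carol added enforcement point branch-fw-2",
    "<134>1 2024-05-01T10:58:10Z edlp-cloud dlp-audit - CFG - admin carol committed configuration",
]


def parse_syslog_line(line):
    """Return the parsed RFC 5424 header fields as a dict, or None if the
    line is not a well-formed RFC 5424 message."""
    match = HEADER_RE.match(line.strip())
    if not match:
        return None
    fields = match.groupdict()
    ts = fields["ts"]
    # RFC 3339 allows a trailing 'Z'; datetime.fromisoformat wants +00:00
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    try:
        fields["timestamp"] = datetime.fromisoformat(ts)
    except ValueError:
        return None
    fields["pri"] = int(fields["pri"])
    # PRI = facility * 8 + severity
    fields["facility"], fields["severity"] = divmod(fields["pri"], 8)
    return fields


def find_gaps(lines, max_gap_seconds):
    """Return a list of (previous_ts, next_ts, gap_seconds) for every stretch
    between consecutive parsable events that exceeds max_gap_seconds.
    Unparsable lines are skipped; events are sorted so out-of-order delivery
    does not produce false gaps."""
    stamps = []
    for line in lines:
        parsed = parse_syslog_line(line)
        if parsed is not None:
            stamps.append(parsed["timestamp"])
    stamps.sort()
    gaps = []
    for prev, nxt in zip(stamps, stamps[1:]):
        seconds = (nxt - prev).total_seconds()
        if seconds > max_gap_seconds:
            gaps.append((prev, nxt, seconds))
    return gaps


if __name__ == "__main__":
    # Alert on any silence longer than 15 minutes in the constructed sample.
    for prev, nxt, seconds in find_gaps(SAMPLE_AUDIT_SYSLOGS, 15 * 60):
        print(f"possible lost audit events: no syslog between {prev} and {nxt} "
              f"({seconds:.0f}s); check the E-DLP console for this window")
```

The threshold should reflect how often your administrators actually make configuration changes; a quiet tenant will legitimately go hours without an audit event, so treat a gap as a prompt to compare the forwarded records against the console's 90-day history rather than as proof of loss. Forwarding over TCP rather than UDP additionally gives the collector a visible connection-state change to log at the moment the stream stops.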