Send Security Alerts to SIEM

Manually send security alerts from Device Security through Cortex XSOAR to SIEM.
Where Can I Use This?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
What Do I Need?
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  • Device Security X subscription
One of the following Cortex XSOAR setups:
  • A free, cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
From Device Security, send a security alert to SIEM from the Alerts Inventory page. You can also do this in the Actions menu in the Alert section on the Device Details page.
By integrating Device Security through Cortex XSOAR with a third-party SIEM server, Cortex XSOAR automatically exports data about devices, security alerts, and device vulnerabilities in periodic incremental updates from Device Security to SIEM. Therefore, it is usually unnecessary to send a security alert to SIEM manually. However, if you haven’t performed a bulk export to SIEM and you want to send a security alert that wasn’t exported through the automatic incremental update process, you can use this option to send it manually.

Strata Cloud Manager

Manually send security alerts from Device Security in Strata Cloud Manager through Cortex XSOAR to SIEM.
  1. Log in to the Device Security portal and select an alert on Alerts > Security Alerts.
  2. Click More > Send to > SIEM.
    Device Security sends the security alert in Common Event Format (CEF) through Cortex XSOAR to the SIEM server.

Legacy IoT Security

Manually send security alerts from the Device Security portal through Cortex XSOAR to SIEM.
  1. Log in to the Device Security portal and select an alert on Alerts > Security Alerts > All Alerts.
  2. Click More > Send to > SIEM.
    Device Security sends the security alert in Common Event Format (CEF) through Cortex XSOAR to the SIEM server.
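Both procedures above end with the alert arriving at the SIEM as a Common Event Format (CEF) line, so the practical check on the receiving side is whether that line parsed as well-formed CEF. The following parser is an added example written for this page; it is not code from Palo Alto Networks, Device Security, or Cortex XSOAR, and it goes slightly beyond the page by handling the standard CEF escapes (`\|` and `\\` in the header, `\=` and `\\` in the extension) and an optional syslog prefix in front of `CEF:`. The sample lines are constructed: their vendor, product, signature ID and extension values are assumptions and do not claim to match what Device Security actually emits.

```python
"""Parse and sanity-check CEF lines as a SIEM would receive them.

Added example for this page; not code from Palo Alto Networks, Device Security
or Cortex XSOAR. The sample lines below are constructed: the vendor, product,
signature and extension values do not claim to match what Device Security emits.
"""
import re
from typing import Dict, List, Tuple

# The seven pipe-delimited CEF header fields, in order.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
SEVERITY_WORDS = {"Low", "Medium", "High", "Very-High"}

# Extension keys: a run of key characters followed by an unescaped '='.
# Because '\' is not a key character, an escaped '\=' inside a value never matches.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
_EXT_UNESCAPE = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def _split_header(cef: str) -> Tuple[List[str], str]:
    """Split the seven header fields, honouring the '\\|' and '\\\\' header escapes.
    Returns the fields and the remaining extension string."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < len(HEADER_FIELDS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1])       # escaped pipe or backslash: keep the literal char
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))  # an unescaped pipe closes a header field
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header has fewer than 7 pipe-delimited fields")
    return fields, cef[i:]


def _unescape_ext(value: str) -> str:
    """Undo the extension escapes ('\\=', '\\\\', '\\n', '\\r'); unknown escapes are kept."""
    return re.sub(r"\\(.)", lambda m: _EXT_UNESCAPE.get(m.group(1), m.group(0)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'key=value key2=value two' pairs; values may contain spaces."""
    keys = list(_KEY_RE.finditer(ext))
    result: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return result


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one CEF line; anything before the 'CEF:' marker (a syslog prefix) is ignored."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no 'CEF:' marker in line")
    fields, ext = _split_header(line[start:].rstrip("\r\n"))
    record: Dict[str, object] = dict(zip(HEADER_FIELDS, fields))
    record["extension"] = _parse_extension(ext)
    return record


def check_cef(record: Dict[str, object]) -> List[str]:
    """Return a list of well-formedness problems (an empty list means the record looks sane)."""
    problems = []
    if not re.fullmatch(r"CEF:\d+", str(record.get("version", ""))):
        problems.append("version field is not 'CEF:<n>'")
    for field in ("device_vendor", "device_product", "signature_id", "name"):
        if not record.get(field):
            problems.append(f"{field} is empty")
    sev = str(record.get("severity", ""))
    if sev not in SEVERITY_WORDS and not (sev.isdigit() and 0 <= int(sev) <= 10):
        problems.append(f"severity {sev!r} is not 0-10 or Low/Medium/High/Very-High")
    return problems


# Constructed sample lines (not captured from a real Device Security export).
SAMPLE_PLAIN = (r"CEF:0|Example Vendor|Example Product|1.0|SIG-001|Example alert name|7|"
                r"src=10.0.0.5 dst=10.0.0.9 msg=constructed alert with an escaped \= sign")
SAMPLE_SYSLOG = "<13>Jan  1 00:00:00 collector " + SAMPLE_PLAIN
SAMPLE_ESCAPED_HEADER = (r"CEF:0|Example Vendor|Example Product|1.0|SIG-002|"
                         r"Name with a \| pipe and a \\ backslash|3|"
                         r"cs1=value one cs1Label=Constructed label")
SAMPLE_BAD_SEVERITY = "CEF:0|Example Vendor|Example Product|1.0|SIG-003|Bad severity|11|"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_SYSLOG, SAMPLE_ESCAPED_HEADER, SAMPLE_BAD_SEVERITY):
        rec = parse_cef(sample)
        print(rec["signature_id"], rec["severity"], rec["extension"], check_cef(rec) or "OK")
```

Run it against the raw line your SIEM collector logged for the alert you sent: a non-empty list from `check_cef`, or a `ValueError` from `parse_cef`, tells you the alert arrived but was not well-formed CEF (typically a truncated header or an unescaped pipe in the alert name), whereas no line at all points at the Cortex XSOAR to SIEM connection rather than at Device Security.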