| Where Can I Use This? | What Do I Need? |
|---|---|
| | One of the following subscriptions: (1) a Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical), or (2) a Device Security X subscription. One of the following Cortex XSOAR setups: (1) a free, cohosted, limited-featured Cortex XSOAR instance AND a free Cortex XSOAR Engine (on-premises integration), or (2) a full-featured Cortex XSOAR server. |

From Device Security, send a security alert to SIEM from the
Alerts Inventory page. You can also do this in the Actions menu in the Alert section
on the Device Details page.
By integrating Device Security through Cortex XSOAR with a third-party SIEM server,
Cortex XSOAR automatically exports data about devices, security alerts, and device
vulnerability in periodic incremental updates from Device Security to SIEM. Therefore,
it might be unnecessary to send a security alert to SIEM manually. However, if you
haven’t performed a bulk export to SIEM and you want to send a security alert that
wasn’t exported through the automatic incremental update process, then you can use
this option to send it manually.
Strata Cloud Manager
Manually send security alerts from Device Security in Strata Cloud Manager through
Cortex XSOAR to SIEM.
Log in to the Device Security portal and select an alert on .
Click .
Device Security sends the security alert in Common Event Format (CEF) through Cortex XSOAR to the SIEM server.
Legacy IoT Security
Manually send security alerts from the Device Security portal through
Cortex XSOAR to SIEM.
Log in to the Device Security portal and select an alert on .
Click .
Device Security sends the security alert in Common Event Format (CEF) through Cortex XSOAR to the SIEM server.
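
To confirm on the SIEM side that a manually sent alert arrived intact, it helps to parse the CEF line rather than match it as raw text. The following is an added example, not Palo Alto Networks code: it parses the standard CEF header and extension, including escaped `|` and `=` characters. The sample line, its vendor and product names, hostname, and field values are constructed for illustration and do not represent the fields Device Security actually emits.

```python
import re

# CEF header fields, in order, as defined by the CEF specification.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "event_class_id", "name", "severity")
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")  # an extension key: word chars, then '='

def split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the extension."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])  # unescape \| and \\ inside a header field
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) < 7:  # tolerate a missing trailing '|' when no extension
        parts.append("".join(cur))
    if len(parts) != 7:
        raise ValueError("incomplete CEF header")
    return parts, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    out, keys = {}, list(KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        unescape = lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1))
        out[m.group(1)] = re.sub(r"\\([=\\nr])", unescape, ext[m.end():end])
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF message into a dict."""
    start = line.find("CEF:")  # skip any syslog prefix before the CEF body
    if start < 0:
        raise ValueError("not a CEF message")
    parts, ext = split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, parts))
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample line (all names and values are illustrative placeholders).
SAMPLE = (r"<14>Jan 01 00:00:00 xsoar-engine CEF:0|ExampleVendor|Example Product"
          r"|1.0|alert-001|Suspicious \| outbound traffic|7|"
          r"src=10.0.0.5 dhost=camera-01 msg=Policy rule\=block triggered on device")
```

Calling `parse_cef(SAMPLE)` returns the header fields by name and the extension as a dictionary, which can be compared against the alert shown in the Device Security portal.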