: Send Vulnerabilities to SIEM
Focus
Focus

Send Vulnerabilities to SIEM

Table of Contents

Send Vulnerabilities to SIEM

Manually send a device vulnerability to SIEM.
From the IoT Security portal, send a vulnerability to SIEM from the Risks > Vulnerabilities page. You can also do this in the Action menu in the Risks section on the Device Details page.
  1. Select a vulnerability to investigate.
    Log in to the IoT Security portal, click
    Risks
    Vulnerabilities
    , click a vulnerability name, and then select the check box of a vulnerable device or potentially vulnerable device that you want to investigate.
    The Send to SIEM panel appears.
  2. Add a comment.
    After you enter a comment, the Send button changes from gray to blue, indicating that you can proceed.
  3. Click
    Send
    .
    After you click
    Send
    , a link appears. When you click it, a new browser window opens to the XSOAR playbook for this action.
    To confirm that the vulnerability was sent, click the link to the XSOAR playbook for this action.
    For the link in IoT Security to open the corresponding playbook in Cortex XSOAR, you must already be logged in to your XSOAR instance before clicking it.
    The green boxes in the playbook indicate that a particular step was successfully performed. Following the path through the playbook gives you feedback about whether an action was carried out successfully or, if not, where the process changed course.
    Also, the action “Sent to SIEM” appears in the Vulnerability Responses column. If you don’t see this column, click the Columns icon ( ) and select
    Vulnerability Responses
    .

Recommended For You