Forward Syslogs for Enterprise DLP Incidents

Configure one or more Log Forwarding profiles to forward Enterprise Data Loss Prevention (E-DLP) incident syslogs so you can create and manage incident workflows.
Syslog is a standard log transport mechanism that enables aggregation of log data from different network devices into a central repository for archiving, analysis, and reporting. You can now create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP) Data Security incident syslogs to your third-party security information and event management (SIEM), security orchestration, automation, and response (SOAR), or other automated ticketing systems. This enables your SOC analysts and incident admins to integrate Enterprise DLP into established workflows to effectively triage, review, and resolve data security risks that occur in your organization. You can configure a single Log Forwarding profile for multiple enforcement points, or you can create a different Log Forwarding profile for each. You can also associate the same enforcement channel with multiple Log Forwarding profiles.
Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port, and requires a persistent connection to your SIEM, SOAR, or ticketing system to forward DLP incident syslogs. Enterprise DLP can only forward DLP incident syslogs while successfully connected to your SIEM, SOAR, or ticketing system. Enterprise DLP automatically continues forwarding your Enterprise DLP incident syslogs to your SIEM, SOAR, or ticketing system after you restore connectivity. However, Enterprise DLP can't forward any syslogs generated while Enterprise DLP and your SIEM, SOAR, or ticketing system are disconnected.