Solved

Is it possible to use the same Siemplify agent (SOAR) to send Forwarders logs (SIEM)?

  • January 16, 2025
  • 1 reply
  • 12 views


I need to use a syslog server to send firewall to SecOps via the Forwarders agent, but I also want to use the Connectors logs of the firewall on this server.
Is it possible to use the same Siemplify agent (SOAR) to send Forwarders logs (SIEM), or is the only way to make this work on the syslog server to use two agents?

Best answer by mikewilusz

The SOAR remote agent acts as a proxy to allow the SOAR to use non-Internet resources for things like enrichment and actions. It does not do log collection for the SIEM.

The Chronicle Forwarder, or now also Bindplane/Chronicle Collection Agent, do actual syslog collection and relay to the SIEM. These can run on the same server as the remote agent, but they are distinct functionality.

-mike
