topic Re: Cisco Endpoint Security to send syslogs in Endpoint Security

Cisco Endpoint Security to send syslogs

Subi — Fri, 17 Feb 2023 18:19:21 GMT

Hi team,

Is it possible to send Cisco Endpoint security logs to Ubuntu syslog server via API ?

We are planning to connect Cisco endpoint security logs to Azure Sentinel and its possible as per the document but it require server less - Azure function ( which has extra cost)

As we already have Ubuntu server which collects the Syslog from other networking appliances and forwards to Sentinel workspace. We wanted to know if we can send the Cisco endpoint logs to ubuntu syslog server ?

Re: Cisco Endpoint Security to send syslogs

Ken Stieers — Fri, 17 Feb 2023 18:39:24 GMT

No, not directly from the platform. Depending on the SEIM, most of them have a way to get it, but they all use the API.
If you're using Elastic, I know that Logrhythm (which is just elastic underneath) uses a beat, but I think they built it themselves.
There's a way to do it here using RabbitMQ (because in the end you need a queueing system to process the data) https://www.linkedin.com/pulse/your-endpoints-siem-fabio-lichinchi/