Cisco Endpoint Security to send syslogs
02-17-2023 10:19 AM
Hi team,
Is it possible to send Cisco Endpoint Security logs to an Ubuntu syslog server via API?
We are planning to connect Cisco Endpoint Security logs to Azure Sentinel, and it is possible as per the document, but it requires serverless Azure Functions (which have extra cost).
As we already have an Ubuntu server which collects syslog from other networking appliances and forwards it to the Sentinel workspace, we wanted to know if we can send the Cisco endpoint logs to the Ubuntu syslog server?
Labels: AMP for Endpoints, Endpoint Security
1 Reply
02-17-2023 10:39 AM
No, not directly from the platform. Depending on the SIEM, most of them have a way to get it, but they all use the API.
If you're using Elastic, I know that LogRhythm (which is just Elastic underneath) uses a Beat, but I think they built it themselves.
There's a way to do it here using RabbitMQ (because in the end you need a queueing system to process the data): https://www.linkedin.com/pulse/your-endpoints-siem-fabio-lichinchi/
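The reply above says the only route is the API, so the missing piece on the Ubuntu box is a small poller that pulls events and re-emits them as syslog for the existing rsyslog-to-Sentinel pipeline. The script below is an added example written for this thread, not code from the original post, from Cisco, or from the linked RabbitMQ article. Everything about the API in it is an assumption modelled on the public Secure Endpoint API documentation and must be checked against your own region and version: the base URL `https://api.amp.cisco.com/v1`, HTTP Basic auth with `client_id:api_key`, the `/events?start_date=...` query, the `metadata.links.next` pagination link, and the JSON field names (`id`, `timestamp`, `event_type`, `severity`, `connector_guid`, `computer.hostname`). The sample events are constructed, and the structured-data ID uses the RFC 5612 documentation enterprise number 32473.

```python
"""Poll an endpoint-security events API and forward each event as one RFC 5424 syslog line.

Added example for the thread, not vendor code. API URL, auth, query parameters and
field names are ASSUMPTIONS (see the comments); verify them against your API docs.
"""
import base64
import json
import socket
import urllib.request
from datetime import datetime, timezone

# ASSUMPTION: US cloud base URL and Basic auth with client_id:api_key. Other regions use
# a different host (the EU/APJC clouds, for example), so make this a config value.
API_BASE = "https://api.amp.cisco.com/v1"
FACILITY_LOCAL0 = 16
# Map the vendor's severity words onto RFC 5424 severity numbers; unknown words become notice(5).
SEVERITY_MAP = {"critical": 2, "high": 3, "medium": 4, "low": 6}

# Constructed sample data in the assumed API shape: newest first, with a repeated event,
# which is what two overlapping poll windows return.
SAMPLE_EVENTS = [
    {"id": 6159258600000000002, "timestamp": "2023-02-17T10:21:00+00:00",
     "event_type": "Quarantine Successful", "severity": "Low",
     "connector_guid": "11111111-2222-3333-4444-555555555555",
     "computer": {"hostname": "WS-ALICE"}, "detection": "W32.Eicar.Test"},
    {"id": 6159258600000000001, "timestamp": "2023-02-17T10:19:00+00:00",
     "event_type": "Threat Detected", "severity": "High",
     "connector_guid": "11111111-2222-3333-4444-555555555555",
     "computer": {"hostname": "WS-ALICE"}, "detection": "W32.Eicar.Test"},
    {"id": 6159258600000000001, "timestamp": "2023-02-17T10:19:00+00:00",
     "event_type": "Threat Detected", "severity": "High",
     "connector_guid": "11111111-2222-3333-4444-555555555555",
     "computer": {"hostname": "WS-ALICE"}, "detection": "W32.Eicar.Test"},
]


def _sd_escape(value) -> str:
    """RFC 5424 6.3.3: backslash, double quote and ']' must be escaped inside SD-PARAM values."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_syslog(event: dict, fallback_host: str = "secure-endpoint-poller") -> str:
    """Render one event as <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    sev = SEVERITY_MAP.get(str(event.get("severity", "")).lower(), 5)
    pri = FACILITY_LOCAL0 * 8 + sev
    ts = event.get("timestamp") or datetime.now(timezone.utc).isoformat(timespec="seconds")
    host = (event.get("computer") or {}).get("hostname") or fallback_host
    # MSGID may not contain spaces, so the free-form event_type is sanitised here and
    # carried verbatim in structured data, where SIEM parsers can key on stable identifiers.
    msgid = str(event.get("event_type") or "-").replace(" ", "_")
    sd = '[cep@32473 event_id="{}" event_type="{}" connector_guid="{}"]'.format(
        _sd_escape(event.get("id", "")), _sd_escape(event.get("event_type", "")),
        _sd_escape(event.get("connector_guid", "")))
    # The full event travels as compact JSON in MSG, so nothing is lost on the way to Sentinel.
    body = json.dumps(event, separators=(",", ":"), sort_keys=True)
    return f"<{pri}>1 {ts} {host} secure-endpoint - {msgid} {sd} {body}"


def message_body(line: str) -> dict:
    """Receiver-side helper: recover the event JSON from a line produced by format_syslog."""
    return json.loads(line.split("] ", 1)[1])


def select_new(events: list, seen_ids: set) -> list:
    """Drop already-forwarded events and return the rest oldest-first.

    Overlapping poll windows return repeats, so seen_ids must be persisted across restarts
    (a file or small DB) or Sentinel receives duplicate rows.
    """
    fresh = []
    for ev in events:
        if ev["id"] in seen_ids:
            continue
        seen_ids.add(ev["id"])
        fresh.append(ev)
    fresh.sort(key=lambda e: e.get("timestamp", ""))
    return fresh


def fetch_events(client_id: str, api_key: str, start_date: str, api_base: str = API_BASE) -> list:
    """Pull every event since start_date. ASSUMPTION: pagination via metadata.links.next."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    url = f"{api_base}/events?start_date={start_date}&limit=500"
    events = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}",
                                                  "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        events.extend(page.get("data", []))
        url = ((page.get("metadata") or {}).get("links") or {}).get("next")
    return events


def forward(messages: list, host: str, port: int = 514) -> None:
    """Send over TCP with RFC 6587 octet-counted framing so rsyslog never splits a long JSON line."""
    with socket.create_connection((host, port), timeout=10) as sock:
        for m in messages:
            data = m.encode("utf-8")
            sock.sendall(f"{len(data)} ".encode() + data)


if __name__ == "__main__":
    # Dry run on the constructed sample: print the lines that forward() would send.
    seen: set = set()
    for line in (format_syslog(e) for e in select_new(SAMPLE_EVENTS, seen)):
        print(line)
```

Run it from cron or a systemd timer on the Ubuntu server, persist `seen_ids` and the last `timestamp` as the next `start_date`, and point rsyslog's `imtcp` listener at the same port used in `forward()`. Keep the API credentials out of the script (environment or a root-only file), since the key grants read access to every event in the tenant.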
