Integrate with Loggly

In this topic, you will learn how to send Portnox™ Cloud alerts to the Loggly SIEM solution.

Get source information from Loggly

In this section, you will learn where to find information in Loggly that is necessary to set up the integration with Portnox™ Cloud.

  1. Open your Loggly dashboard in the browser.
  2. In the left-hand side menu, click on the Logs icon, and select the Source Setup option.

  3. In the right-hand side pane, in the Recommended Log Sources section, click on the HTTP/S Event Endpoint tile.

  4. In the Step 2: Configure Your App section, click on the ⧉ icon to copy the URL. Then, save this URL in a temporary file. You will need to enter it in Portnox Cloud later.

  5. Click on the Customer Tokens tab, and then click on the ⧉ icon to copy the customer token value. Then, save this value in a temporary file. You will need to enter it in Portnox Cloud later. The customer token authenticates anything sent to your Loggly account, so treat it as a credential and delete the temporary file once the integration is configured.

Configure Portnox Cloud

In this section, you will learn how to configure Portnox™ Cloud to send alert data to the Loggly collector.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the Cloud portal left-hand menu, click on the Integration Services > SIEM INTEGRATION SERVICE option.

  3. Create a new SIEM integration with Loggly.
    1. In the SIEM integration service section, click on the Add new SIEM link.

      The NEW SIEM INTEGRATION section opens.

    2. In the Type field, select the Custom option.

    3. In the Name field, enter the name for the new integration.

      In this example, we used the name Loggly, but you can use any name you like.

    4. In the Status field, select the Enabled option.

    5. In the Protocol type field, select the HTTPS option.

    6. In the Endpoint url field, paste the URL that you copied earlier from Loggly.

    7. In the Authentication token field, paste the token that you copied earlier from Loggly.

    8. In the Data format field, select the JSON option.

    9. Click on the Save button to add the integration.

    10. Optional: Test the configuration by clicking on the Test button.

  4. Optional: To configure the types of alerts sent to your SIEM solution, see the following topic: Portnox Cloud alerts.
    Note: To learn more about the content and format of alert messages sent to SIEM solutions, see the following topic: Format and content of alert information for SIEM.

    You can also send the entire Portnox Cloud activity log (activities performed by administrators in Portnox Cloud) to your SIEM solution. To do this, go to Troubleshooting > ACTIVITY LOG > Log Settings, activate the Activity log switch, and click on the Save button.

Result: Loggly is receiving alerts from Portnox Cloud. You can verify this in the Loggly Log Explorer.