Integrating with SIEM platforms

In this collection of topics, you will learn how to integrate Portnox™ Cloud with different security information and event management (SIEM) platforms.

Portnox Cloud integrates with SIEM platforms by exporting events, which security analysts can classify and analyze using the SIEM platform.

You can export the following types of events:

  • All Cloud alerts, for example, device connections, connection failures, and synchronization with external repositories.

  • All actions in the Cloud web interface, for example, creating a group or modifying a policy.

Note: You cannot export detailed AAA logs to SIEM platforms.

For examples of how to integrate Cloud with a specific platform, see the menu on the left-hand side. Cloud is compatible with any SIEM platform that can import syslog events, which means practically all existing SIEM platforms.

To learn more about the content and format of alert messages sent to SIEM, see the following topic: Format and content of alert information for SIEM.

To configure the types of alerts sent to SIEM, see the following topic: Portnox Cloud alerts.