SIEM and GateKeeper Proximity Integration.
GateKeeper Proximity integrates with security information and event management (SIEM) solutions, supplying real-time security data about users, computers, and activity that can be used to generate reports for compliance and auditing purposes. GateKeeper Proximity can help SOCs collect more accurate log event data, detect anomalies, investigate incidents, and combat malicious or accidental insider leaks.
Setup Connection to SIEM System:
1. Log on to the GateKeeper Hub website with your administrator credentials.
2. Click on the Administration link at the top right of the page.
3. Click on the SIEM Connection menu item.
4. Click on the + Add SIEM Connection button.
5. Fill in the form to connect the Hub to your SIEM provider. You will need the URL/endpoint for the SIEM data collection provided by your vendor, and any Authorization credentials for your SIEM account. GateKeeper Hub supports No Auth, Basic Auth, Bearer Token, and API Key authorization. Additional Headers for the REST API request can also be included here.
6. Send a test message using the Send a test message button on the form.
7. Once you have confirmed that the message was received at your SIEM, please save the connection.
8. Now every event log received by the GateKeeper Hub server will be sent to your SIEM service.
GateKeeper Event Log Format:
GateKeeper event logs are sent as JSON objects with the following format.
{
  "Source": "GateKeeper Hub",
  "Events": [
    {
      "Host": "Test-Machine",
      "DateTime": "2020-10-11T21:37:00.33Z",
      "User": "John Williams",
      "Event": "GateKeeper Unlock"
    }
  ]
}
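For a collector you run yourself, the sketch below checks the Bearer Token and validates each event in the format above before it is indexed. It is an added example, not GateKeeper code; the function names, the "Authorization: Bearer <token>" header form, the status codes, and the second sample event are assumptions.

```python
import hmac
import json
from datetime import datetime, timezone

REQUIRED = ("Host", "DateTime", "User", "Event")  # per-event fields shown in the sample

def parse_time(value):
    # The sample timestamp carries fractional seconds and a trailing Z (UTC);
    # accepting a value without the fraction is an assumption.
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(value, fmt).astimezone(timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised DateTime: %r" % value)

def normalize(body):
    """Split one POST body into (accepted, rejected) events."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("Events"), list):
        raise ValueError("not a GateKeeper event batch")
    accepted, rejected = [], []
    for raw in doc["Events"]:
        try:
            if not all(isinstance(raw[k], str) and raw[k] for k in REQUIRED):
                raise ValueError("empty or non-string field")
            accepted.append({"source": doc.get("Source"), "host": raw["Host"],
                             "user": raw["User"], "event": raw["Event"],
                             "time": parse_time(raw["DateTime"]).isoformat()})
        except (KeyError, TypeError, ValueError):
            rejected.append(raw)  # keep for triage instead of dropping silently
    return accepted, rejected

def ingest(headers, body, token):
    """Return (http_status, accepted, rejected) for one request from the Hub."""
    sent = headers.get("Authorization", "")
    if not hmac.compare_digest(sent.encode(), ("Bearer " + token).encode()):
        return 401, [], []  # constant-time comparison of the shared token
    try:
        accepted, rejected = normalize(body)
    except ValueError:  # includes json.JSONDecodeError
        return 400, [], []
    return 200, accepted, rejected

# Constructed sample: the page's event plus one entry missing "User".
SAMPLE = json.dumps({"Source": "GateKeeper Hub", "Events": [
    {"Host": "Test-Machine", "DateTime": "2020-10-11T21:37:00.33Z",
     "User": "John Williams", "Event": "GateKeeper Unlock"},
    {"Host": "Test-Machine", "DateTime": "2020-10-11T21:38:00Z", "Event": "GateKeeper Unlock"}]})
```

Rejected events are returned rather than discarded so that a malformed or truncated batch shows up in triage instead of leaving a silent gap in the audit trail.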
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.