Overview - Enterasys Security Information and Event Manager (SIEM) Configuration Manual

Dsms configuration guide

1 Overview
You can configure SIEM to log and correlate events received from external
sources such as security equipment (for example, firewalls) and network
equipment (for example, switches and routers). Device Support Modules (DSMs)
allow you to integrate SIEM with these external devices.

In SIEM 7.6.3 and above, sensor devices are referred to as log sources.
Therefore, all references to log sources also refer to sensor devices.

You can configure the Event Collector to collect security events from various types
of security devices in your network. The Event Collector gathers events from local
and remote devices. The Event Collector then normalizes and bundles the events
and sends them to the Event Processor.

All events are correlated, and security and policy offenses are created based on
correlation rules. These offenses are displayed on the Offenses tab. For more
information, see the SIEM Users Guide.

NOTE
Before you configure SIEM to collect security information from devices, you must
set up your deployment, including off-site sources or targets, using the
deployment editor. For more information on the deployment editor, see the SIEM
Administration Guide.

NOTE
Information found in this documentation about configuring Device Support
Modules (DSMs) is based on the latest RPM files on the Enterasys
Extranet, located at http://extranet.enterasys.com/downloads.

To configure SIEM to receive events from devices, you must:

1. Configure the device to send events to SIEM.
2. Configure SIEM to receive events from specific devices. For more information, see
   the Log Sources User Guide.