Last updated: 2019-02-19
Purpose
This article provides set up information on the Syslog integration on HIAB.
Introduction
The Syslog integration allows the HIAB appliance to forward system events and security notifications to an external syslog server. Syslog is a widely used protocol for collecting and centralizing log messages from multiple systems across an IT environment. By enabling this integration, events generated by the vulnerability management platform—such as scan activity, system notifications, and operational alerts—can be transmitted to a centralized logging or security monitoring system.
This capability is useful for organizations that rely on centralized logging or SIEM platforms to monitor infrastructure and security activity. When HIAB sends events to a syslog server, security teams can correlate vulnerability scanning events with logs from other systems, improving visibility across the environment. Centralized logging also supports incident investigation, auditing, and compliance requirements by maintaining a consistent record of system activity and security-related events generated by the scanning platform.
HIAB can pass logs and findings via Syslog events, which work with virtually any other security solution in the market, custom implementation of this with a wide range of SIEMs and event correlations systems among our existing MSSPs and partners already. For example: ArcSight.
Set Up Syslog
To set up Syslog:
-
Go to Menu > Settings > Integrations.
-
Select the Syslog tab.
-
Provide the below information to use Syslog:
|
Option |
Description |
|---|---|
|
Host |
Provide the hostname. |
|
Port |
Provide the port that Syslog is using to communicate. |
|
Facility |
Choose a facility code from the drop-down menu. Facility code is used to specify the type of program that is logging the message. |
|
Prefix |
Enter any word that you want to add as a prefix for each line. |
|
Protocol |
Select one of the protocols from the drop-down menu. |
|
Send audit log |
Check this box to receive audit log. |
|
Arcsight |
Click on this field to use the ArcSight format. |
|
TLS |
Click on this field to encrypt data. Use secure transport layer. |
|
Certificate |
Upload the certificate for the Syslog server. Only needed if TLS is enabled. |
|
Certificate uploaded |
Displays if any certificate has been uploaded. |
|
Status |
Click on this button to check the network connectivity. |
|
Save |
Click on this button to save your current settings. |
Related Articles
- ServiceNow - Legacy
- Identity Provider Settings
- Okta Identity Provider Configuration
- Database Connector (HIAB only)
- Azure AD Identity Provider Configuration
- SNMP (HIAB only)
- ADFS Identity Provider Configuration
- Splunk
- Amazon
- Atlassian Jira
- Syslog (HIAB only)
- Thycotic
- OneLogin Identity Provider Configuration
- CyberArk
- LDAP/AD