Overview
SiteWALL seamlessly integrates with any SIEM (Security Information and Event Management) platform using the industry-standard Syslog protocol. Once configured, SiteWALL automatically forwards real-time application security logs to your SIEM, enabling centralized visibility, alerting, and correlation with other security data sources.
Supported SIEM Platforms
SiteWALL supports integration with all major SIEM solutions using syslog, including but not limited to:
· Splunk
· IBM QRadar
· ArcSight
· Azure Sentinel
· LogRhythm
· Elastic SIEM
Benefits of SIEM Integration
· Centralized Visibility: View all security events across your environment in a single SIEM dashboard.
· Real-Time Threat Monitoring: Receive instant alerts on attacks, anomalies, or policy violations.
· Compliance Reporting: Simplify regulatory reporting by consolidating WAF logs with other system events.
· Incident Correlation: Correlate SiteWALL alerts with other network and endpoint security data.
· Long-Term Retention: Leverage SIEM’s storage and analytics for extended log retention and trend analysis.
Accessing SIEM Configuration
1. Log in to the SiteWALL Management Portal.
2. Navigate to Configuration → SIEM.
Follow these steps to connect your SiteWALL deployment with your SIEM system:
1. Open SIEM Configuration Page
o Go to Configuration → SIEM in the left navigation pane.
2. Enter SIEM Details
Provide the required connection information:
o SIEM Name: Enter the name of your SIEM (e.g., Splunk, ArcSight, QRadar).
o IP Address: Enter the public IP address of your SIEM server.
o Port: Enter the listening port on which your SIEM accepts Syslog input (typically 514 for UDP or 6514 for TCP/TLS).
Note: Ensure that your SIEM’s Syslog receiver is publicly reachable or accessible from SiteWALL’s network.
3. Save Configuration
o Click Save Configuration to initiate the connection process.
4. Processing Status
o After saving, a success popup appears. Click OK.
o The configured SIEM details will display under Processing Status, indicating that SiteWALL is initiating the integration handshake.
5. Active Status Confirmation
o Once SiteWALL successfully connects to your SIEM, the status will automatically change from Processing to Active.
Once active:
· SiteWALL begins transmitting real-time logs from your protected applications to your SIEM.
· Log entries include critical details such as:
o Timestamp
o Application name
o Source IP
o Action (Allowed/Blocked)
o Rule ID and Threat Name
o Country of origin
o Response code
· Each log is sent in Syslog format, ensuring seamless parsing and indexing within your SIEM.
To verify the integration:
· Check your SIEM’s live feed or Syslog receiver for SiteWALL events.
· Confirm that incoming events include your application names and timestamps.
If logs are not received:
· Ensure that the SIEM IP and Port are correctly entered.
· Verify that your SIEM’s firewall allows inbound traffic from SiteWALL’s public IP.
· Check whether your SIEM is listening on the correct Syslog protocol (UDP/TCP/TLS).
· Contact support@pagentra.com for assistance if the status remains in “Processing” for more than 15 minutes.
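A receiver-side check for the verification and troubleshooting steps above, as an added example that is not SiteWALL's or Pagentra's own code: it splits a captured TCP/TLS syslog stream into messages (octet-counted or newline-delimited framing, RFC 6587), decodes the header, and reports which expected application names never appeared. The page does not give SiteWALL's message layout, so the sample stream, its host name, tag, application names and key=value body are constructed assumptions.

```python
import re
RFC5424 = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ (.*)", re.S)  # RFC 5424 header
RFC3164 = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)  # BSD syslog

def split_frames(buf):
    """Split a TCP/TLS byte stream into messages; returns (messages, incomplete_tail)."""
    msgs = []
    while buf:
        m = re.match(rb"(\d+) ", buf)
        if m:                                   # octet counting: "LEN SP MSG"
            end = m.end() + int(m.group(1))
            if len(buf) < end:
                break                           # frame not fully received yet
            msgs.append(buf[m.end():end])
            buf = buf[end:]
        else:                                   # newline-delimited framing
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                           # no terminator yet
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            buf = rest
    return msgs, buf

def parse(msg):
    """Decode PRI and header fields; raise ValueError if the header is not syslog."""
    text = msg.decode("utf-8", "replace")
    m, fmt = RFC5424.match(text), "rfc5424"
    if m:
        pri, ts, host, tag, body = m.groups()
    else:
        m, fmt = RFC3164.match(text), "rfc3164"
        if not m:
            raise ValueError("no syslog header: %r" % text[:40])
        (pri, ts, host, body), tag = m.groups(), None
    pri = int(pri)
    if pri > 191:                               # highest valid PRI is 23*8 + 7
        raise ValueError("PRI out of range")
    return {"format": fmt, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": ts, "host": host, "tag": tag, "body": body}

def missing_apps(stream, expected):
    """Names from `expected` that appear in no complete event in the stream."""
    bodies = [parse(m)["body"] for m in split_frames(stream)[0]]
    return [a for a in expected if not any(a in b for b in bodies)]

# Constructed sample: one octet-counted frame, one newline-delimited, one partial.
M1 = b"<134>1 2024-01-01T00:00:00Z waf.example sitewall - - - app=shop.example.com src=203.0.113.7 action=Blocked status=403"
SAMPLE = (b"%d " % len(M1)) + M1 + b"<134>Jan  1 00:00:01 waf.example app=blog.example.com action=Allowed status=200\n" + b"<134>Jan  1 00:0"
```

Feed it bytes captured on the listening port; a non-empty result from `missing_apps` means at least one protected application has not logged to the receiver yet.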