Reference Guide

Security Management Server Virtual - AdminHelp v9.8
For Security Management Server Virtual - Add the Splunk server's root certificate (cacert.pem) to
/etc/ssl/certs/java/cacerts and restart the Dell Server.
4. Modify the Dell Server database to change the SSL value from false to true:
In the database, navigate to the information table, SIEM-specific support configuration.
Change the "SSL":"false" value to "SSL":"true", for example:
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/audit-export.log"},"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com","port":"5540"}}}
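The following is an added example, not part of the Dell guide or the product: a check that can be run on the configuration value before and after the change in step 4, confirming that syslog export is not left enabled without SSL and that the flag stays a quoted string as in the guide's value. The function names are hypothetical, the sample value is constructed from the one shown above, and reading or writing the database row is not covered.

```python
import json

# Constructed sample: the value shown in the guide, with SSL still "false".
SAMPLE = ('{"eventsExport":{"exportToLocalFile":{"enabled":"false",'
          '"fileLocation":"./logs/siem/audit-export.log"},'
          '"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"false",'
          '"host":"yourDellServer.yourdomain.com","port":"5540"}}}')


def audit_syslog_export(raw):
    """Return a list of findings for the exportToSyslog block (hypothetical helper)."""
    try:
        syslog = json.loads(raw)["eventsExport"]["exportToSyslog"]
    except (ValueError, KeyError, TypeError) as exc:
        return ["unparseable or unexpected structure: %r" % (exc,)]
    if not isinstance(syslog, dict):
        return ["unparseable or unexpected structure: exportToSyslog is not an object"]
    findings = []
    for key in ("enabled", "SSL"):
        value = syslog.get(key)
        # The guide's value stores flags as the strings "true"/"false".
        if value not in ("true", "false"):
            findings.append('%s is %r, expected the string "true" or "false"' % (key, value))
    if syslog.get("enabled") == "true" and syslog.get("SSL") != "true":
        findings.append("syslog export is enabled without SSL: "
                        "events leave the server in cleartext")
    return findings


def enable_syslog_ssl(raw):
    """Return the config with "SSL":"true", leaving every other field untouched."""
    config = json.loads(raw)  # dicts keep the original key order
    config["eventsExport"]["exportToSyslog"]["SSL"] = "true"  # string, not boolean
    # Compact separators reproduce the single-line form shown in the guide.
    return json.dumps(config, separators=(",", ":"))


if __name__ == "__main__":
    print(audit_syslog_export(SAMPLE))
    fixed = enable_syslog_ssl(SAMPLE)
    print(fixed)
    print(audit_syslog_export(fixed))
```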
Advanced Threat Prevention Syslog Event Types
The following event types are supported with the Syslog/SIEM Advanced Threats option.
Application Control
This option is only visible to users who have the Application Control feature enabled. Application Control
events represent actions occurring when the device is in Application Control mode. Selecting this option will
send a message to the Syslog server whenever an attempt is made to modify or copy an executable file, or
when an attempt is made to execute a file from an external device or network location.
Example Message for Deny PE File Change:
Example Message for Deny Execution from External Drive:
Devices
Select this option to send device events to the Syslog server.
When a new device is registered, two messages for this event are received: Registration and
SystemSecurity.
Example Message for Device Registered Event: