SIEM integration forwards MAVIS logs to your SIEM server, so that events from MAVIS can be monitored and analysed centrally, correlated with other sources, and used to trigger automated responses.
Step 1: Access SIEM Integration
- Go to the System Management page.
- Select the SIEM Integration menu.
Step 2: Configure SIEM Integration
- Click Edit to enter the SIEM integration information.
- Note that after the configuration is saved, the MAVIS-to-SIEM integration may take 2-3 minutes to become active.
| Field Name | Explanation | Example / Notes |
|---|---|---|
| Log format | Select the log format for transmission. | Syslog |
| Time format | Select the timestamp format used in transmitted messages. Prefer RFC 3339: an RFC 3164 timestamp carries neither the year nor a time zone, which makes correlation across sources and DST boundaries error-prone. | RFC 3339: 2022-01-31T12:34:56Z; RFC 3164: May  2 11:11:11 |
| Host / IP | The IP address or domain name of the SIEM server that will receive the logs. Do not enter the MAVIS server IP. This information is usually provided by your SIEM administrator. | Splunk: splunk.example.com; QRadar: 192.168.10.50 |
| Protocol | Select the transport protocol used to send logs to the SIEM server. UDP is unacknowledged, so dropped messages are silent; TCP is required for a secure (TLS) connection. | TCP / UDP |
| Port | The port on which the SIEM server is listening for log messages. This is the port of the SIEM server, not of MAVIS. | 514 (default syslog); 6514 (syslog over TLS) |
| Secure connection (SSL) | Enable if the SIEM server accepts syslog over TLS (typically on port 6514). Requires Protocol = TCP. Default is disabled. | Enabled / Disabled |
| Test Connection | Tests connectivity to the SIEM server using the current Host/IP, Protocol, Port, and SSL values. The test is not recorded by the system. | Success / Failure message |
Notes
- Host/IP and Port must match the SIEM server that will receive the logs, such as Splunk, QRadar, or Elastic SIEM.
- Make sure MAVIS can reach the SIEM server over the network (firewall rules, VPN, etc.).
- If unsure, contact your SIEM administrator for the exact Host/IP and Port.
Troubleshooting
| Error Message | Explanation |
|---|---|
| The connection information is incorrect. | Shown when Test Connection fails: one or more of Host/IP, Protocol, Port, or SSL does not match the SIEM server. Check each value against what your SIEM administrator provided, confirm that SSL is only enabled with TCP and a port the server serves TLS on, and verify that MAVIS can reach the server through any firewall or VPN in between. |