Configure SIEM over TCP-TLS
Use these configurations to send events over TLS to SIEM.
Supported certificate formats are:
- .crt
- .pem with sha256
To configure Skyhigh Cloud Connector with SIEM over TCP+TLS, use the following steps:
- Collect your SIEM CA root and Cloud Connector CA root certificates.
- To import the Cloud Connector CA root certificate to your customer SIEM server, follow the steps for your OS and device in Install CA Certificate as Trusted Root CA.
- To import your SIEM server CA root certificate, execute the following commands on the Cloud Connector machine:
Command for Linux
$EC_HOME/jre/bin/keytool -import -trustcacerts -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit -alias <custom-aliasname> -file <CA File Path>
Command for Windows
$EC_HOME\jre\bin\keytool.exe -import -trustcacerts -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit -alias <custom-aliasname> -file <CA File Path>
- Verify that the CA certificates are imported properly.
Command for Linux
$EC_HOME/jre/bin/keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit
Command for Windows
$EC_HOME\jre\bin\keytool.exe -list -v -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit
- Log in to Skyhigh CASB and go to Settings > Infrastructure > CC Configuration.
- Select your Cloud Connector host ID, and go to the SIEM Integration tab.
- For SIEM Protocol, select TCP+TLS, and click Save. For details, see Cloud Connector Config SIEM Integration.
- Wait for the application context to refresh on Cloud Connector (about 5 minutes).
- Restart the SIEM server to receive events over TLS.
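For the verification step above, seeing the alias in the listing does not prove the right certificate was imported, so compare its SHA-256 fingerprint with that of the CA file. The script below is an added example, not Skyhigh's own tooling: the function names are hypothetical, the sample listing is constructed, and the live-use comment assumes openssl is installed on the Cloud Connector host.

```sh
#!/bin/sh
# Added example: check that an imported alias carries the SHA-256
# fingerprint of the CA file you meant to trust.

# Print the SHA-256 fingerprint listed for alias $1 in `keytool -list -v`
# output read from stdin. Aliases are compared case-insensitively.
keystore_fp() {
    awk -v want="$1" '
        /^Alias name: / { cur = tolower(substr($0, 13)) }
        cur == tolower(want) && /SHA-?256:/ { print $NF; exit }
    '
}

# Strip colons/whitespace and upper-case so both sources compare equal.
normalize_fp() { tr -d ': \t\r\n' | tr 'a-f' 'A-F'; }

# verify_import ALIAS EXPECTED_FP   (keytool listing on stdin)
# returns 0 = match, 1 = alias holds a different certificate, 2 = alias absent
verify_import() {
    have=$(keystore_fp "$1" | normalize_fp)
    want=$(printf '%s' "$2" | normalize_fp)
    if [ -z "$have" ]; then echo "MISSING  $1"; return 2; fi
    if [ "$have" != "$want" ]; then echo "MISMATCH $1 has $have"; return 1; fi
    echo "OK       $1 $have"
}

# Constructed sample of `keytool -list -v` output (all values are made up).
sample_listing() {
    cat <<'EOF'
Alias name: siem-root-ca
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA1: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
     SHA256: 9F:2C:71:0A:4E:D3:58:B6:11:7D:E0:35:C8:4A:92:6F:03:BE:5D:27:A1:64:F8:0C:D9:36:7B:E2:45:8A:1F:C0
Signature algorithm name: SHA256withRSA
*******************************************
Alias name: other-ca
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: 04:B7:6E:19:D2:8C:53:A0:7F:31:E5:4A:C6:0D:98:2B:61:F4:3E:87:15:CA:59:0E:B3:72:A8:1D:46:FC:20:9B
EOF
}

# Live use on the Cloud Connector host (Linux):
#   want=$(openssl x509 -in <CA File Path> -noout -fingerprint -sha256 | cut -d= -f2)
#   $EC_HOME/jre/bin/keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts \
#       -storepass changeit | verify_import <custom-aliasname> "$want"
```

A MISMATCH result means the alias exists but holds a different certificate than the file you checked; delete that alias and re-import before enabling TCP+TLS.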