Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
SIEM
Which SIEM server does IDPS support?
IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it. supports only Splunk as a third-party SIEM Security Incident and Event Management (SIEM) is a server where Aruba IDPS sends the threat data to perform advanced analysis and generate reports. SIEM provides a holistic picture of the security posture by aggregating and correlating data from disparate sources in the network. server. For more information, see Configure SIEM.
What are the prerequisites for configuring SIEM server?
Before you configure a SIEM server, you must have an active subscription with Splunk, a third party SIEM provider and obtain the server URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet., an index, and the authentication token details.
How do I send threat data to the SIEM server?
To report threats to the SIEM server, in the SIEM tab, you must select the
check box, and add the SIEM server details.How do I stop sending the threat data to the SIEM server?
To stop reporting threats to the SIEM server, in the SIEM tab, you must deselect the
check box.How do I verify the connectivity to the SIEM server?
To verify the connectivity to the SIEM server, enter valid details to connect to the SIEM server and click Configure SIEM.
. For more information, seeHow do I edit the SIEM server details?
To edit the SIEM server details, see Configure SIEM.
Can I edit the SIEM server name?
No, name of the SIEM server is not editable. As a workaround, if you want to change the name, then delete the existing entry and create one with the new name. For more information, see Adding an SIEM Server.
How do I delete the SIEM server details?
To delete the SIEM server details, see Configure SIEM.