Adding an SIEM Server
Security Incident and Event Management (SIEM) is a server where Aruba IDPS sends the threat data to perform advanced analysis and generate reports. SIEM provides a holistic picture of the security posture by aggregating and correlating data from disparate sources in the network.
Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts in real time to prevent it.
To add an SIEM server for IDPS, complete the following steps:
- In the WebUI, set the filter to . The dashboard context for all devices is displayed.
- Under , click > .
- Click the icon to open the configuration page.
- Click the tab.
- Click + in the Servers table.
- In the window, enter the following details:
  - —The name for the server.
  - —The SIEM server URL (Uniform Resource Locator). Specify the TCP (Transmission Control Protocol) port number after the colon (:8088 or :443), as the last element of the URL. The port number must not be followed by anything else like the services, collector, or event details. For example, https://prd-p-op170.splunkcloud.com:8088. For more information, see Supported URL Formats.
  - —The index from the third-party SIEM provider to contain the threat data.
  - —The authentication token from the third-party SIEM provider to connect to the server.
- Click to verify if the connection to the SIEM server is working.
- Click .
For the threat data to be reported to this server, ensure that you have enabled reporting to SIEM server.
Supported URL Formats
The following are the URL formats that are accepted for the IDPS SIEM server configuration.
| Splunk URL Example | Acceptable URL Format |
|---|---|
| https://prd-p-op170.splunkcloud.com | https://prd-p-op170.splunkcloud.com:8088 |
| https://http-inputs-abc.splunkcloud.com:443/services/collector/event | https://http-inputs-abc.splunkcloud.com:443 |
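The following is an added example, not HPE Aruba Networking code: a Python pre-check that tests a URL against the rule above (explicit port as the last element, nothing after it) and rewrites the Splunk URL examples from the table into the accepted format. The function names and the `default_port` parameter are hypothetical, and rejecting non-https URLs is an assumption of this example, since the page only shows https URLs.

```python
from urllib.parse import urlsplit


def check_siem_url(url):
    """Return a list of problems; an empty list means the accepted format."""
    problems = []
    parts = urlsplit(url.strip())
    # Assumption of this example: require TLS, because the authentication
    # token is sent to this URL. The page itself only shows https URLs.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("host is missing")
    try:
        if parts.port is None:
            problems.append("port is missing (for example :8088 or :443)")
    except ValueError:  # urlsplit raises this for a non-numeric or out-of-range port
        problems.append("port is not a valid number")
    # The port must be the last element: no path, query or fragment after it.
    if parts.path or parts.query or parts.fragment:
        problems.append("something follows the port")
    return problems


def to_accepted_format(url, default_port=None):
    """Drop everything after the port; use default_port if the URL has none."""
    parts = urlsplit(url.strip())
    port = parts.port if parts.port is not None else default_port
    host = parts.hostname
    if not host or port is None:
        raise ValueError("host and port are required")
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    return f"{parts.scheme}://{host}:{port}"


# The two Splunk URL examples from the table on this page.
SAMPLES = [
    ("https://prd-p-op170.splunkcloud.com", 8088),
    ("https://http-inputs-abc.splunkcloud.com:443/services/collector/event", None),
]

if __name__ == "__main__":
    for raw, fallback_port in SAMPLES:
        fixed = to_accepted_format(raw, default_port=fallback_port)
        print(raw, check_siem_url(raw), "->", fixed, check_siem_url(fixed))
```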