27.12 Configuring Integration with Sentinel

This section provides the configuration information about integrating Advanced Authentication with Sentinel for managing logs. With this integration the syslog files are gathered and transmitted from Advanced Authentication to Sentinel sever, where an administrator can search the events to analyze, monitor, and generate a report.

To configure the integration of Advanced Authentication with Sentinel, perform the following tasks:

27.12.1 Configuring the CEF Log Forward Policy on Advanced Authentication

To forward the syslog details to Sentinel, you must configure the CEF log Forward policy by performing the following steps:

  1. Open the Advanced Authentication Administration portal.

  2. Click Policy > CEF Log Forward.

  3. Specify the Sentinel server IP address in Syslog server.

  4. Specify the port number in Port.

    For example, you can specify 1443.

  5. Select the transport layer details in Transport.

    For example, you can select TCP with TLS.

  6. Click Save.

  7. Restart the Advanced Authentication server to apply the changes.

27.12.2 Searching the Events on Sentinel

  1. Open the Sentinel console.

  2. Specify the query ((sev:[0 TO 5])) AND (sp:"CEF") in the Search bar, then click Search.

    The events with severity 0 to 5 are displayed. You can download the events in the csv format.