Exium SIEM integration helps partners integrate StellarCyber SIEM with Exium, so that they can view and manage Exium data and dashboards as part of their existing StellarCyber account. Unique features of this integration are
This note explains how to configure StellarCyber SIEM settings in the company workspace on the Exium end.
The following steps describe the StellarCyber SIEM integration with Exium.
The following prerequisites shall be met before proceeding with the integration
Version 5.1.1 of Stellar Cyber, estimated to be released in March 2024, will include the Exium parser as a native ingestion point. Prior to the release of 5.1.1, the Exium parser can be enabled by contacting the Exium support team (support@exium.net) or the Stellar Cyber Customer Success Team and requesting the custom Exium parser.
The endpoint URL is composed of the log forwarder IP address (as mentioned in the prerequisites), the httpjson parser port (5200), and the parser path (/exium).
Example: https://192.168.10.10:5200/exium
Where:
The Stellar Cyber Exium parser is a multi-tenant parser that expects to find the Stellar tenant ID. To determine which value to use in each of the Exium tenants, navigate to System → Tenants on the Stellar Cyber platform, as shown below.
A table of all tenants within the platform will be displayed. The “ID” column of each row contains the tenant ID for the corresponding tenant. The table can be viewed directly or downloaded (exported) as a CSV file. Please refer to the integration document here.
NOTE: If the ID column is not visible in the table, open the “columns” selector and tick the option for the ID column.
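A pre-flight check for the two values described above, the endpoint URL and the Stellar tenant ID, so that a mistyped port, path or ID is caught before it is entered in the Exium console. This is an added example, not code from Exium or Stellar Cyber; it assumes the exported tenants CSV has a Name column next to the ID column, and the sample rows and tenant IDs are constructed.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

PARSER_PORT = 5200      # httpjson parser port given on this page
PARSER_PATH = "/exium"  # parser path given on this page

# Constructed sample of the exported Tenants table. The "ID" column is from
# the page; the "Name" column and every value below are assumptions.
SAMPLE_EXPORT = "Name,ID\nAcme Corp,tenant-id-aaaa\nGlobex,tenant-id-bbbb\n"


def check_endpoint(url):
    """Return the problems found in a SIEM URL; an empty list means it fits."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":  # scheme taken from the page's example URL
        problems.append("scheme is not https")
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        problems.append("host is not an IP address")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port != PARSER_PORT:
        problems.append(f"port is not {PARSER_PORT}")
    if parts.path != PARSER_PATH:
        problems.append(f"path is not {PARSER_PATH}")
    return problems


def load_tenant_ids(csv_text):
    """Map tenant name to tenant ID from the exported CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if "ID" not in (reader.fieldnames or []):
        raise KeyError("no ID column: enable it in the columns selector")
    return {row["Name"].strip(): row["ID"].strip() for row in reader}


def check_workspace(url, tenant_id, known_ids):
    """Check one Exium workspace's planned SIEM URL and Stellar Tenant ID."""
    problems = check_endpoint(url)
    if tenant_id.strip() not in known_ids.values():
        problems.append("tenant ID not found in the Stellar Cyber export")
    return problems
```

Run check_workspace once per Exium workspace against the same export; any non-empty result names the field to correct before clicking Update.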
On the Exium Service Portal Admin Console, you need to configure the StellarCyber endpoint URL and the tenant ID copied from the StellarCyber SIEM account. The following steps describe how.
Log in to the Exium Service Portal Admin Console using your admin credentials. After you log in, click Integrations in the left navigation bar, as shown below.
On the Integrations page, click the SIEM tab and select StellarCyber SIEM, as shown below.
On the SIEM page, select StellarCyber SIEM, then enter the SIEM URL and the Stellar Tenant ID copied from the Stellar account (as part of the prerequisites). In the Log Events to send to SIEM box, select the types of logs you want to send to the SIEM. Click Update, as shown below.
With the above steps, the integration is complete and log events from the Exium platform will be sent to the Stellar Cyber platform.
To view the Exium data within the Stellar Cyber platform, a dedicated Exium visualization has been created. If the current platform does not already contain the Exium visualizer, it can be easily added by downloading the Exium visualization file and then uploading it to the current platform.
Visit the Stellar Cyber public GitHub repository and download the Exium visualization configuration file.
Within the Stellar Cyber platform, navigate to Visualize → Dashboards, then select Create → Import Dashboard.
Navigate to the file that you downloaded in the previous step and select Submit.
The new Exium dashboard is displayed for you automatically and is also available now in the Visualize → Dashboards general tab.
Refer to the following screenshot for a sample dashboard. You can find more details on how to view and investigate the visualizer here.
If you have any issues during integration, contact us at support@exium.net or raise a ticket at https://exium.net/help-center/
If you would like to see how Exium can help defend your organization, contact us at hello@exium.net.