Configure SIEM
Gateway IDS/IPS provides the option to send the threat event data to a third-party Security Incident and Event Management (SIEM) server such as Splunk, which allows you to perform advanced analysis and generate reports. SIEM provides a holistic picture of the security posture of your organization by aggregating and correlating data from disparate sources in the network. For information about how to set up the HTTP Event Collector in Splunk Web, see https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/UsetheHTTPEventCollector.
HPE Aruba Networking Central sends the threat data to the Splunk server in the .gzip format. The data is sent in batches based on count or time (500 threats or 30 seconds), whichever occurs first.
SIEM configuration is available only in the context. If configured, threat data from all 9004 Branch Gateways connected to HPE Aruba Networking Central are sent to the SIEM server.
Before you begin
Ensure that the following requirements are met before you configure the SIEM server:
- You have an active subscription with a third-party SIEM provider such as Splunk.
- You have the server URL, an index, and the authentication token handy to enter the details while configuring SIEM.
To learn how to configure Splunk and get the details required to configure SIEM, see the section Set up and use HTTP Event Collector in https://docs.splunk.com/Documentation/SplunkCloud.
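A pre-flight check for the prerequisites above, added here as an example and not taken from HPE Aruba Networking or Splunk material: it builds a gzip-compressed batch of 500 events, matching the delivery format this page describes, and posts it to the HTTP Event Collector so that the URL, index, and token can be confirmed before they are entered. The function names, the sample event fields, and the assumption that the URL is the collector's full event endpoint are illustrative.

```python
import gzip
import json
import urllib.error
import urllib.request

BATCH_LIMIT = 500  # batch size stated on this page

# Constructed sample events; the field names Central actually sends are not
# given on this page.
SAMPLE_EVENTS = [
    {"test": "siem-preflight", "seq": n, "severity": "informational"}
    for n in range(BATCH_LIMIT)
]


def build_hec_request(collector_url, token, index, events):
    """Build (without sending) a gzip-compressed HEC POST for one batch.

    Assumption: collector_url is the full event endpoint, which Splunk
    documents as ending in /services/collector/event.
    """
    if not collector_url.lower().startswith("https://"):
        raise ValueError("use an https:// URL so the token is not sent in cleartext")
    if not events or len(events) > BATCH_LIMIT:
        raise ValueError("batch must contain 1..%d events" % BATCH_LIMIT)
    # HEC accepts several JSON event objects stacked in one request body.
    body = "\n".join(
        json.dumps({"index": index, "event": e}) for e in events
    ).encode("utf-8")
    return urllib.request.Request(
        collector_url,
        data=gzip.compress(body),
        method="POST",
        headers={
            "Authorization": "Splunk " + token,
            "Content-Encoding": "gzip",
            "Content-Type": "application/json",
        },
    )


def preflight(collector_url, token, index, events=SAMPLE_EVENTS, timeout=10):
    """Send the batch and return HEC's reply code (0 means accepted)."""
    req = build_hec_request(collector_url, token, index, events)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp).get("code")
    except urllib.error.HTTPError as err:  # bad token or index: 4xx with a JSON body
        return json.load(err).get("code")
```

A non-zero return value from `preflight` is the HEC error code, which distinguishes a rejected token from an index the token is not allowed to write to.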
The following sections explain how to manage the SIEM: