SIEM / SOC INTEGRATION


SIEM/SOC Integration enables you to receive logs from our network and security components in your chosen SIEM solution for further analysis.

By using logs exported from our platform, you can combine ecosystem events with other data sources, gaining deeper visibility into potential threats, improving incident response times, and strengthening your overall security posture.


What is SIEM / SOC Integration?

SIEM/SOC Integration is an add-on service that is complementary to the Cloud Gateway platform.


With this service, we can export any policy-related events for the Firewall-as-a-Service (FWaaS), Foundation Security, Secure Web Gateway (SWG) and Web Application Firewall (WAF) components, plus Remote Access session activity.


Logs are sent in CEF or SYSLOG format. Other formats and log parsing may be supported on request.


How does it work?


A stream of policy-controlled events is provided from the Secure Enforcement Core (SEC) to an HTTPS or TLS endpoint provided by you. If you’re not sure what kind of endpoint you have, we can help you identify the requirement. Logs are batched and pushed to your SIEM/SOC endpoint every 5 minutes.

Traffic and logs that do not pertain to your usage (e.g. Cloud Gateway administrative traffic) are not sent to your SIEM/SOC.


BENEFITS

SIEM / SOC Integration Benefits

SIEM/SOC Integration provides a real-time stream of security and network logs from Cloud Gateway’s platform directly to your chosen SIEM solution.

By integrating policy-controlled events, you gain greater insight into potential threats, enabling faster detection and response.

This service allows you to combine logs from multiple sources, including Firewall-as-a-Service (FWaaS), Secure Web Gateway (SWG), Web Application Firewall (WAF), and Remote Access sessions.

By consolidating ecosystem events, your security team can build a more comprehensive threat intelligence picture.

Logs are batched and pushed every five minutes via a secure HTTPS or TLS connection, ensuring a consistent and reliable data feed.

With support for CEF and SYSLOG formats, the integration process is straightforward and adaptable to your existing SIEM/SOC setup.

Whether you need specific log formats, custom parsing, or additional security event types, SIEM/SOC Integration can be tailored to your organisation’s needs.

The service scales alongside your security operations, ensuring continued compatibility as your infrastructure evolves.

Cloud Gateway handles the log aggregation and transmission, ensuring that only relevant security events reach your SIEM/SOC.

If you’re unsure about your endpoint requirements, our team is on hand to assist with setup and configuration.

Get started with SIEM / SOC Integration

Gain real-time visibility into security events with automated log delivery from Cloud Gateway’s platform to your SIEM/SOC solution. Strengthen your threat detection, streamline investigation, and stay ahead of cyber risks.
