This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

TLS settings in secops forwarder collector

Posted on 12-09-2024 06:22 AM
yasinmnk
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,
I need to add tls certificate to my collector, in secops forwarder, there should be tls server key path given, but i dont know where should i keep it, in my computer locally or where excatly?

Any help would be invaluable, thanks in advance!

0 2 246
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
cbryant
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

That file needs to be kept on the forwarder itself so that the configuration can reference it. I would recommend putting it in the /opt/chronicle/config directory along with the forwarder auth and configuration files.

0 Likes

Posted on --/--/---- --:-- AM
nahatx
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

The cert files need to be kept in a specifically named certs folder on the forwarder server.

So within your server /opt/chronicle/config/certs/ is where you put them. The forwarder config/auth files remain within the config folder.

 
You must add the following to any log source within your configuration file that is using TLS. Change the cert names, cert extensions, and minimum tls version as appropriate.

 

    certificate: "/opt/chronicle/external/certs/cert_name.crt"
    certificate_key: "/opt/chronicle/external/certs/cert_name.key"
    minimum_tls_version: "TLSv1_2"

 

Do not alter the above paths as these are the container file paths (not the path to where you put the certs on the server). The forwarder automatically checks /opt/chronicle/config/certs/ to find them.
0 Likes
Top Solution Authors
View all