This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

It is possible to use the same Siemplify agent (SOAR) to send Forwarders logs (SIEM) ?

Posted on 01-16-2025 09:56 AM
YanGuilherme
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I need to use a syslog server to send firewall to SecOps via the Fowarders agent, but i also want to use in this server the Connectors logs of the firewall.
It is possible to use the same Siemplify agent (SOAR) to send Forwarders logs (SIEM) or the only way to this work in the Syslog server is to use two agents?

Solved Solved
0 1 138
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

The SOAR remote agent acts as a proxy to allow the SOAR to use non-Internet resources for things like enrichment and actions. It does not do log collection for the SIEM.

The Chronicle Forwarder, or now also Bindplane/Chronicle Collection Agent, do actual syslog collection and relay to the SIEM. These can run the same server as the remote agent, but they are distinct functionality.

-mike

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

The SOAR remote agent acts as a proxy to allow the SOAR to use non-Internet resources for things like enrichment and actions. It does not do log collection for the SIEM.

The Chronicle Forwarder, or now also Bindplane/Chronicle Collection Agent, do actual syslog collection and relay to the SIEM. These can run the same server as the remote agent, but they are distinct functionality.

-mike

Jump to Solution
Top Solution Authors
View all