08-23-2023 08:58 PM
Hello Team,
We need to change the rsyslog.conf file. Please let us know if this file can be changed, and whether it is recommended to integrate the BVM server with the SIEM.
08-24-2023 07:25 AM
Hi @RamyashreeMada ,
Thank you for writing to livecommunity!
The broker VM is a hardened security appliance managed by Palo Alto Networks only. There is no mechanism to configure the internal files and processes on the broker VM, and as a result it can be integrated only with a Cortex XDR instance. The broker VM can collect logs into Cortex XDR and can be used for syslog collection within the surface of the Cortex XDR solution only. As a result, you cannot integrate it directly with a SIEM.
Rather, the practice recommendation would be to ingest logs into Cortex XDR using the broker VM syslog collector, and to collect the alerts and events from Cortex XDR into the SIEM solution via the various possible and infrastructurally supported means.
Hope this answers your query.
Please feel free to mark the response as "Accept as Solution" if it helps.
08-24-2023 11:35 PM - edited 08-24-2023 11:36 PM
Yes, looking to forward Cortex Agent logs from the Broker VM to SIEM systems.
08-25-2023 12:08 AM - edited 08-25-2023 12:12 AM
Thank you for confirming.
This is not possible. You cannot forward agent logs to SIEM using the broker VM.
You can only forward notifications.
For more details, please refer to: Integrate A Syslog Receiver
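The answer above describes the supported path: Broker VM collects syslog into Cortex XDR, and Cortex XDR forwards notifications to a syslog receiver on the SIEM side. The following is an added example, not code from this thread or from Palo Alto Networks, showing what that receiving end has to do with each forwarded line: parse the RFC 5424 header, pull out PRI (facility/severity), structured data and the free-text message, discard malformed input, and keep only records at or above a severity threshold. The actual Cortex XDR notification format is not shown on this page, so the sample lines, hostnames and structured-data IDs are constructed placeholders.

```python
"""Receiver-side handling of RFC 5424 syslog notifications (added example,
not Palo Alto Networks code). Sample input below is constructed; the real
Cortex XDR notification layout is not part of this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

# RFC 5424 severity codes 0..7, most severe first.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d)\s+"
    r"(?P<timestamp>\S+)\s+(?P<hostname>\S+)\s+(?P<app>\S+)\s+"
    r"(?P<procid>\S+)\s+(?P<msgid>\S+)\s+"
    r"(?P<rest>.*)$",
    re.DOTALL,
)
# One SD-ELEMENT: [SD-ID PARAM-NAME="PARAM-VALUE" ...]; quotes may be escaped with a backslash.
_SD_ELEMENT = re.compile(r'\[([^\s\]]+)((?:\s+[^=\s\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM = re.compile(r'([^=\s\]]+)="((?:[^"\\]|\\.)*)"')


@dataclass
class SyslogRecord:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    app: str
    msgid: str
    structured: Dict[str, Dict[str, str]] = field(default_factory=dict)
    message: str = ""

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def _parse_structured_data(rest: str) -> Tuple[Dict[str, Dict[str, str]], str]:
    """Split STRUCTURED-DATA ('-' or one or more [..] elements) from the trailing MSG."""
    if rest.startswith("-"):
        return {}, rest[1:].lstrip()
    elements: Dict[str, Dict[str, str]] = {}
    pos = 0
    while pos < len(rest) and rest[pos] == "[":
        m = _SD_ELEMENT.match(rest, pos)
        if not m:
            raise ValueError("malformed STRUCTURED-DATA")
        sd_id, params = m.group(1), m.group(2)
        elements[sd_id] = {k: v.replace('\\"', '"') for k, v in _SD_PARAM.findall(params)}
        pos = m.end()
    return elements, rest[pos:].lstrip()


def parse_syslog(line: str) -> SyslogRecord:
    """Parse one RFC 5424 line; raise ValueError on anything that does not fit the grammar."""
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 * 8 + severity 0..7
        raise ValueError("PRI out of range")
    structured, message = _parse_structured_data(m.group("rest"))
    return SyslogRecord(
        facility=pri // 8, severity=pri % 8,
        timestamp=m.group("timestamp"), hostname=m.group("hostname"),
        app=m.group("app"), msgid=m.group("msgid"),
        structured=structured, message=message,
    )


def ingest(lines: Iterable[str], max_severity: int = 5) -> List[SyslogRecord]:
    """Parse each line, skip malformed ones, keep records at severity <= max_severity
    (lower number = more severe, so the default keeps emerg..notice and drops info/debug)."""
    kept: List[SyslogRecord] = []
    for line in lines:
        try:
            rec = parse_syslog(line)
        except ValueError:
            continue  # a production receiver would count these for alerting on parser drift
        if rec.severity <= max_severity:
            kept.append(rec)
    return kept


# Constructed sample input: placeholder tenant hostname, SD-ID and endpoint name.
SAMPLE_LINES = [
    '<130>1 2023-08-25T00:12:00Z xdr-tenant.example CortexXDR - NOTIFY '
    '[alert@00000 severity="high" name="placeholder-alert"] Alert raised on endpoint HOST-PLACEHOLDER',
    '<132>1 2023-08-25T00:13:00Z xdr-tenant.example CortexXDR - NOTIFY - Agent disconnected from HOST-PLACEHOLDER',
    '<14>1 2023-08-25T00:14:00Z xdr-tenant.example CortexXDR - NOTIFY - Heartbeat',
    'garbage line without a header',
]

if __name__ == "__main__":
    for rec in ingest(SAMPLE_LINES):
        print(rec.severity_name, rec.hostname, rec.structured, rec.message)
```

Feeding the constructed lines through `ingest` keeps the `crit` and `warning` records, drops the `info` heartbeat under the default threshold, and silently skips the non-syslog line; the structured-data element on the first line comes back as a nested dict keyed by its SD-ID, which is where a SIEM would read fields such as the alert name from.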