Log Collection Config: Import, Export, and Edit Event Sources in Bulk

Document created by RSA Information Design and Development on May 9, 2016. Last modified by RSA Information Design and Development on May 4, 2017.
Version 6


This topic tells you how to import, export, and edit event sources in bulk.

You can use the bulk export option to export the event source details of your current setup and store them. You can import this data in bulk if you have a problem with your current setup and need the event source data you had.

You can use the bulk edit feature when multiple event sources need the same modification. Select all of the sources and apply the edit to them at once instead of applying the change one by one.

After completing this procedure, you will have...

  • Imported event sources in bulk.
  • Exported event sources in bulk.
  • Edited event sources in bulk.

See Also

Similar procedures are available from the Event Sources module (Administration > Event Sources). For details, see the following topics in the Event Source Management Guide:

  • Import Event Sources
  • Export Event Sources
  • Bulk Edit Event Source Attributes

Import Event Sources in Bulk

To import multiple event sources at once:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon under Actions and select View > Config.
  4. Select the Event Sources tab, then select AWS (CloudTrail), Check Point, File, Netflow, ODBC, SDEE, Syslog (for Remote Collectors only), VMware, Windows, and Windows Legacy (SNMP does not have an Import function).
  5. In the Sources panel toolbar, click Import Source.
    The Bulk Add Option dialog is displayed.
  6. Select either Import CSV File or Paste CSV Content. If you select:
      • Import CSV File:
          1. Click Next.
            The Import dialog is displayed.
          2. Click Add and select a .csv file from your network.
          3. Click Import.
            The event sources are added to the Event Source list.
      • Paste CSV Content:
          1. Copy the contents of the .csv file and paste them into the dialog.
          2. Click Import.
            The event sources are added to the Event Source list.

Export Event Sources in Bulk

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the icon under Actions and select View > Config.
  4. Select the Event Sources tab, then select AWS (CloudTrail), Check Point, File, Netflow, ODBC, SDEE, VMware, Windows, and Windows Legacy (SNMP does not have an Export function).
  5. In the Sources panel, select one or multiple event sources and click Export Source.
    The Bulk Export dialog is displayed.
  6. If you select:
      • All, Security Analytics exports all event sources to a time-stamped CSV file.
      • Selected, Security Analytics exports the event source or sources you selected to a time-stamped CSV file.
      • Cancel, Security Analytics cancels the export.

The time-stamped CSV file (for example, exported-file-config-Feb-28-2013-13-31.csv) contains the event sources that you selected from the list.

Edit Event Sources in Bulk

To edit multiple event sources at once:

  1. On the Log Collector Event Sources tab, select AWS (CloudTrail), Check Point, File, Netflow, ODBC, SDEE, Syslog, VMware, Windows, or Windows Legacy (SNMP does not have an Edit function).
  2. In the Sources panel, select multiple event sources and click the edit icon.
    The appropriate Bulk Edit dialog for the selected event source is displayed. The following figure is an example of the Bulk Edit Source dialog for File event source parameters.
  3. Select the checkbox to the left of the fields that you want to modify (for example, Debug).
  4. Modify the selected parameters (for example, change Debug from Off to On).
  5. Click OK.
    Security Analytics applies the same parameter value change to all of the selected event sources.
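
Because a bulk edit or a re-import changes many event sources in one step, it helps to export before and after and compare the two CSV files. The following is an added example, not part of the RSA documentation: the filename pattern follows the example filename on this page, while the meaning of the "file" segment, the column names, and the key column are assumptions to replace with the header row of your own export.

```python
import csv
import io
import re
from datetime import datetime

# Pattern modelled on the page's example: exported-file-config-Feb-28-2013-13-31.csv
# Assumption: the segment before "-config-" names the event source type.
_NAME_RE = re.compile(
    r"^exported-(?P<kind>.+)-config-(?P<ts>[A-Z][a-z]{2}-\d{1,2}-\d{4}-\d{2}-\d{2})\.csv$")

def export_time(filename):
    """Return (source kind, datetime) parsed from an export filename, or None."""
    m = _NAME_RE.match(filename)
    if not m:
        return None
    return m.group("kind"), datetime.strptime(m.group("ts"), "%b-%d-%Y-%H-%M")

def load_sources(csv_text, key):
    """Index CSV rows by the key column; reject missing or duplicate keys."""
    rows = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        k = (row.get(key) or "").strip()
        if not k:
            raise ValueError(f"row without {key!r}: {row}")
        if k in rows:
            raise ValueError(f"duplicate {key!r}: {k}")
        rows[k] = row
    return rows

def diff_exports(before_text, after_text, key):
    """Return (added keys, removed keys, {key: {field: (old, new)}})."""
    before, after = load_sources(before_text, key), load_sources(after_text, key)
    changed = {}
    for k in before.keys() & after.keys():
        delta = {f: (before[k].get(f), after[k].get(f))
                 for f in set(before[k]) | set(after[k])
                 if before[k].get(f) != after[k].get(f)}
        if delta:
            changed[k] = delta
    return sorted(after.keys() - before.keys()), sorted(before.keys() - after.keys()), changed

# Constructed sample data; the column names are hypothetical, not the product's schema.
BEFORE = "file_directory,address,debug\napache01,10.0.0.5,Off\niis02,10.0.0.6,Off\n"
AFTER = ("file_directory,address,debug\napache01,10.0.0.5,On\n"
         "iis02,10.0.0.6,On\nsquid03,10.0.0.7,Off\n")

if __name__ == "__main__":
    print(export_time("exported-file-config-Feb-28-2013-13-31.csv"))
    print(diff_exports(BEFORE, AFTER, key="file_directory"))
```

Any source that appears under added or removed, or any field change other than the one you intended (here, Debug from Off to On), is worth reviewing before you rely on the new configuration.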

Parameters

AWS (CloudTrail)
Check Point
File Event Source
Netflow
Open Database Connectivity (ODBC)
SDEE
Syslog
VMware
Windows
