Log Collection SDEE: The Basics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This guide tells you how to configure the SDEE collection protocol, which collects events from Intrusion Detection System (IDS) and Intrusion Prevention Service (IPS) messages.

Deployment Scenario

The following figure illustrates how you deploy the SDEE Collection Protocol in Security Analytics.

[Figure: SDEE_Deployment.png]

Configure SDEE Collection Protocol in Security Analytics

You configure the Log Collector to use SDEE collection for an event source in the Event Sources tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for SDEE Collection in Security Analytics. Please refer to:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Collection service.
  3. Click [icon: AdvcdExpandBtn.PNG] under Actions and select View > Config to display the Log Collection configuration parameter tabs.
    [Figure: ConfigSDEEProtocol1.png]
  4. Click the Event Sources tab.
  5. Select SDEE as the collection protocol and select Config.
  6. Click [icon: Icon-Add.png] and select SDEE as the event source category.
    The event source category is part of the content you downloaded from LIVE.
  7. Select the SDEE category in the Event Categories panel and click [icon: Icon-Add.png] in the Sources panel.
  8. Specify the basic parameters required for the SDEE event source.
  9. Click [icon: AdvcdExpandBtn.PNG] and specify additional parameters that enhance how the SDEE protocol handles event collection for the event source.

Configure Event Sources to Use SDEE Collection Protocol

You need to configure each event source that uses the SDEE Collection protocol to communicate with Security Analytics (see Step 2: Configure SDEE Event Sources to Send Events to Security Analytics).
