Cynet is a cyber-security company. Its platform converges essential cyber-security technologies that help enterprises identify security loopholes and threat intelligence, and manage endpoint security.
- An active Cynet license and login credentials.
Configuring Syslog on Cynet
1. In your Cynet web interface, go to Settings > Advanced. Select the box beside Send Audit Records to SIEM.
2. Go to Configuration > SIEM settings and enable the following configuration:
- UDP/TCP. If TCP is used, make sure your forwarder server configuration is aligned with this.
- IP: the IP address of your forwarder server.
- Port: 11723, the port that is configured on your forwarder.
3. Press Add. The added IP and port will appear on the screen.
4. Restart the Cynet services on the server to apply the change. (Note: Check with Cynet support before you initiate the restart, in line with your business impact.)
5. Once the configuration is complete, validate the logs in Chronicle. Search with the regular expression (".*") or with a specific hostname; the results show the log source types that are being ingested into Chronicle. The screenshot below is for reference.
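If nothing shows up in Chronicle, a quick check is whether the forwarder is listening on port 11723 with the same protocol selected in the Cynet SIEM settings. The script below is an added example, not part of Cynet or Chronicle tooling; the function name, the test line and the command-line arguments are assumptions made for illustration.

```python
import socket

FORWARDER_PORT = 11723  # port entered in the Cynet SIEM settings on this page

# Constructed syslog-style test line, not a real Cynet audit record.
# The forwarder may ingest it as an ordinary log line.
TEST_LINE = b"<14>Jan  1 00:00:00 cynet-test connectivity-check: test message\n"


def probe_forwarder(host, port=FORWARDER_PORT, proto="tcp", timeout=2.0):
    """Check the forwarder listener using the protocol chosen in Cynet.

    Returns 'open', 'closed', 'filtered' (TCP) or 'open|filtered' (UDP).
    """
    if proto == "tcp":
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(TEST_LINE)
            return "open"
        except ConnectionRefusedError:
            return "closed"    # host reachable, nothing listening on TCP
        except OSError:
            return "filtered"  # timeout or unreachable: firewall or routing
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))  # connected socket so ICMP errors surface
            try:
                s.send(TEST_LINE)
                s.recv(1024)  # a syslog listener never replies; wait for an error
            except ConnectionRefusedError:
                return "closed"  # ICMP port unreachable: no UDP listener
            except socket.timeout:
                pass  # silence: a listener exists, or ICMP was dropped
        return "open|filtered"
    raise ValueError("proto must be 'tcp' or 'udp'")


if __name__ == "__main__":
    import sys
    # Usage (assumed): python probe.py <forwarder-ip> <tcp|udp>
    host, proto = sys.argv[1], sys.argv[2]
    print(proto, host, FORWARDER_PORT, probe_forwarder(host, proto=proto))
```

A "closed" result for the protocol selected in Cynet, with "open" for the other one, points to the UDP/TCP mismatch mentioned in step 2.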