Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

131

132

133

134

135

136

137

138

139

140

Security Management Server v10.2.7 AdminHelp

119

Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs (PUPs). If

this option is selected, you subscribe to be notified when these events occur.

Example Message of Threat Classification:

Security Information and Event Management (SIEM)

Specifies the type of Syslog server or SIEM that events are to be sent to.

Protocol

This must match what is configured on your Syslog server. The choices are UDP or TCP. UDP is generally not

recommended as it does not guarantee message delivery. Dell recommends TCP (default).

TLS/SSL

Only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in transit

from Advanced Threat Prevention to the Syslog server. Dell encourages customers to select this option.

Ensure that the Syslog server is configured to listen for TLS/SSL messages. To use TLS/SSL, it is necessary to

configure the Syslog server and import certificates. For more information, see

Export Audit Events with

TLS/SSL over TCP.

IP/Domain

Specifies the IP address or fully-qualified domain name of the Syslog server that the customer has setup.

Consult with your internal network experts to ensure firewall and domain settings are properly configured.

Port

Specifies the port number on the devices that the Syslog server listens for messages. It must be a number

between 1 and 65535. Typical values are: 512 for UDP, 1235 or 1468 for TCP, and 6514 for Secured TCP

(example: TCP with TLS/SSL enabled).

Severity

Specifies the severity of the messages that should display in the Syslog server. This is subjective, and it may

be set to whatever level preferred. The value of severity does not change the messages that are forwarded to

Syslog.

Facility

Specifies what type of application is logging the message. The default is Internal (or Syslog). This is used to

categorize the messages when they are received by the Syslog server.

Testing the Connection

Click Test Connection to test the IP/Domain, Port and Protocol settings. If valid values are entered, after a

couple of moments, a success confirmation displays.

Advanced Threat Prevention Syslog IP Addresses

Syslog server IP addresses to allow, by region:

US (includes my.cylance.com and my-vs2.cylance.com):

52.2.154.63