I’m wondering if it’s possible to configure Stealthwatch to communicate with LogPoint. I want Stealthwatch to forward events, and even better if it can also forward flows to the SIEM.
Is this possible?
All I can find regarding this is the integration with LogPoint’s SOAR to configure different types of actions.
Adding the Vendors — Cisco Secure Network Analytics (Stealthwatch) SOAR Integration latest documentation (logpoint.com)
I believe this is how you can configure Stealthwatch to communicate.
The name for the syslog message action.
This check box is enabled by default.
The IP address of the Logpoint.
The default port is port 514.
Select Syslog Formats.
If this does not work for you, you can create a support ticket so that a LogPoint support engineer can assist you in a remote session.
Thanks for your reply. I’m assuming that I have to modify the “custom format” with the correct IP addresses, dstPort and protocol.
How about the opportunities for LogPoint to receive NertFlows? Must a flow collector be set up, or can a LogPoint appliance, for example, receive it directly without any additional configuration?
I assume you mean NetFlow, not Nertflows. Here is the documentation link for integrating NetFlow with LogPoint. NetFlow support is available in LogPoint and requires the NetFlow Application to be installed. Once it is installed, it is available as a Fetcher and can be applied to Devices and/or Policy. NetFlow needs to be enabled on the sending device and must send NetFlow on port 9001. This is usually a configurable option on the sending device.
You can try configuring this on your end. Feel free to reach out if you face issues with the integrations.
Yes, sorry, I mean NetFlows. Okay, perfect, thanks for the answers about NetFlows.
Is it possible for Stealthwatch to “forward” flows to LogPoint directly on port 9001? Or is it recommended to point LogPoint out as a destination for flows on the L3 devices directly?
We recommend forwarding the Stealthwatch flows to the LP via syslog. However, it is possible to send the flows of L3 devices to LP using the NetFlow collector application. But you would miss the additional analytics that would be provided by Stealthwatch, and we would have to build up our own custom analytics based on the NetFlow logs.
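As an added illustration, not part of the original thread, of what a NetFlow fetcher on port 9001 actually receives and why the last answer says you would have to build your own analytics on top of it: a minimal NetFlow v5 decoder with a constructed export packet and one simple aggregate (octets per destination port). The addresses, ports and flow values are constructed sample data, not taken from any real exporter.

```python
"""Decode a NetFlow v5 export packet and compute a simple custom aggregate."""
import socket
import struct
from collections import defaultdict

HEADER_FMT = ">HHIIIIBBH"                 # 24-byte v5 header
RECORD_FMT = ">4s4s4sHHIIIIHHBBBBHHBBH"   # 48-byte v5 flow record
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECORD_LEN = struct.calcsize(RECORD_FMT)

# Constructed sample flows: (src, dst, sport, dport, proto, tcp_flags, pkts, octets)
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0x18, 12, 9000),
    ("10.0.0.7", "192.0.2.10", 51001, 443, 6, 0x02, 1, 60),
    ("10.0.0.5", "198.51.100.4", 40000, 53, 17, 0x00, 2, 200),
]

def build_v5_packet(records):
    """Build the UDP payload an exporter would send (used here as test input)."""
    header = struct.pack(HEADER_FMT, 5, len(records), 100000, 1700000000, 0, 1, 0, 0, 0)
    body = b"".join(
        struct.pack(RECORD_FMT, socket.inet_aton(s), socket.inet_aton(d),
                    socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, 90000, 99000,
                    sp, dp, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for (s, d, sp, dp, proto, flags, pkts, octets) in records)
    return header + body

def parse_v5(packet):
    """Return (header, flows); reject truncated or non-v5 packets."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than NetFlow v5 header")
    version, count, *_ = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(packet) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count exceeds packet length")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(RECORD_FMT, packet[off:off + RECORD_LEN])
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13],
                      "tcp_flags": f[12], "pkts": f[5], "octets": f[6]})
    return {"version": version, "count": count}, flows

def bytes_by_dst_port(flows):
    """The kind of 'custom analytic' one must write when raw NetFlow replaces Stealthwatch."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["dport"]] += f["octets"]
    return dict(totals)
```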