icon-itdr.svg
ITDR

SIEM Configuration Guide for Netmonastery DNIF

This article provides information on prerequisites and how to configure a Service Connector to forward events or audit logs to a Netmonastery DNIF security information and event management (SIEM) solution.

Prerequisites

Make sure the following prerequisites are met:

  • Have network connectivity between the Service Connector and the Netmonastery DNIF server on the port Netmonastery DNIF is listening to.
  • Use TCP or UDP protocol depending on the Netmonastery DNIF SIEM configuration.

Configuring a Service Connector to Forward Events to Netmonastery DNIF

To configure a Service Connector to forward events or audit logs to a Netmonastery DNIF SIEM:

  1. In the Zscaler ITDR Admin Portal, go to Orchestrate > SIEM Integrations.

  2. Click Add Integration, and select Netmonastery DNIF from the drop-down menu.

  3. In the Netmonastery DNIF Details window:

    • Name: Enter a name for the Netmonastery DNIF SIEM integration.
    • Enabled: Select to enable SIEM integration.
    • Service Connector: Select a Service Connector from the drop-down menu. If you select a Service Connector that is configured in the ITDR Admin Portal, the portal sends logs to Netmonastery DNIF.
    • Type of logs: Select an option from the drop-down menu.
      • Events: Send events to Netmonastery DNIF.
      • Audit Logs: Send audit logs to Netmonastery DNIF.
    • Include Safe Events: Enable to forward the events that are marked as safe to Netmonastery DNIF.

    • Filter: Specify a query if you want to send filtered event logs to Netmonastery DNIF. If this field is blank, all event logs are sent to Netmonastery DNIF.

      The Filter option is available only for event logs.

    • Host: Enter the Netmonastery DNIF server IP address.
    • Port: Enter the port number the Netmonastery DNIF server is listening to.
    • Transport: Select TCP or UDP.

  4. Click Save.

    The Netmonastery DNIF SIEM integration is added.

To test the Netmonastery DNIF SIEM integration, generate events on the Investigate page. You can see the logs forwarded from the ITDR Admin Portal on the Netmonastery DNIF SIEM solution.

Related Articles
About Service ConnectorsAbout SIEM IntegrationsConfiguring a Service ConnectorSIEM Configuration Guide for ArcSight Enterprise Security ManagerSIEM Configuration Guide for IBM QRadarSIEM Configuration Guide for Microsoft SentinelSIEM Configuration Guide for Netmonastery DNIFSIEM Configuration Guide for Splunk Enterprise and Cloud PlatformSIEM Configuration Guide for SyslogSIEM Configuration Guide for Sumo LogicEditing or Deleting a Service ConnectorEditing or Deleting a SIEM Integration