get logs/API

Aspirant

Hi, I am using the PSB services and I am creating a SOC. We would like to be able to get the information from the PSB into our SOC... Is it possible? Essentially, we would like to get the AV, update & firewall events. If the PSB cannot send them, is it possible to get this information from the workstations? Thanks for your help.
1 ACCEPTED SOLUTION

Regular Member

Re: get logs/API

Hi Steven,

It would be great if we could set a syslog server in a PSB profile and have PSB clients pump all the logs straight into a SIEM, but this isn't possible.

The best that is available is the WMI provider, but it doesn't provide anything like the detail you will require for a SOC:

https://help.f-secure.com/product.html#business/psb-portal/2016/en/concept_E55FFF0187A54B79B30637C79...

Aspirant

Re: get logs/API

Thanks. I did not know about this. It is a start... maybe I'll be able to send notifications by email, then catch them in the SOC... Still hoping for this functionality though...