SIEM Report Settings
Use the report.xml to define settings related to SIEM reports. The configuration file is located in two paths, corresponding to the two sources of reports that can be sent to a SIEM:
- The report.xml file for the Votiro Scanner Service is located in [installation_path]\Votiro.Malware.Scanner\Config.
- The report.xml file for all other Disarmer processes is located in [installation_path]\config.
The attributes are described in
Attribute | Description | Value |
---|---|---|
SiemSettings | | |
IsActivated | Enables or disables the SIEM logging engine. | Either true or false. The default is false. Caution! The value that you set affects performance as each message is delivered over the network. |
Format | Specifies the format of all messages delivered by the SIEM logging engine. | The default is CEF. It is the only valid value. |
Address | Specifies the address or hostname of the SIEM system collector service. | A fully qualified hostname or an IPv4 address. The default is empty. When the address is empty, the server uses its own IP as an address. |
Port | Specifies the UDP port of the SIEM system collector service. | A positive integer between 1 and 65535. The default is 514. |
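
A collector-side check for what these settings produce, as an added example that is not part of the Votiro documentation: a Python parser for the standard CEF header and extension, applied to one UDP syslog payload. The sample datagram and its field values are constructed, and the function names are this example's own.

```python
import re

# Standard CEF layout:
# CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# Extension is key=value pairs; a value runs until the next " key=" or end of text.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
# Constructed sample datagram (not captured from any product).
SAMPLE = (rb"<134>Jan  1 00:00:00 host1 CEF:0|ExampleVendor|Example\|Product|1.0|100|"
          rb"File blocked|5|src=10.0.0.5 msg=blocked\=policy fname=a b.pdf")

def _unescape(value):
    # CEF escapes: \\ \= \| plus \n and \r for line breaks in extension values.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields and the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) != 7:
        raise ValueError("truncated or malformed CEF header")
    return fields, body[i:]

def parse_cef(datagram):
    """Parse one syslog/UDP payload; any syslog prefix before 'CEF:' is skipped."""
    text = datagram.decode("utf-8", errors="replace").strip()
    start = text.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in datagram")
    fields, ext = _split_header(text[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = {m.group(1): _unescape(m.group(2)) for m in EXT_RE.finditer(ext)}
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Because delivery is over UDP, a datagram that is cut short raises `ValueError` here instead of yielding a partial event.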