Manualshelf

Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption
111112113114115116117118119120
Navigate the Dell Server
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell
Server operating system Java keystore. The certificate is added to the operating system Java
keystore and not to the Dell Server application Java keystore.
keytool -keystore <keystore_location> -alias <alias-name> -importcert -file
<certificate_file>
Add the Splunk server's root certificate (cacert.pem) to the Java keystore, which in Windows is
usually located at: C:\Program Files\Dell\Java Runtime\jre1.8\lib\security\cacerts
4. Modify the Dell Server database to change the SSL value from false to true:
In the database, navigate to the information table, SIEM-specific support configuration.
Change the "SSL":"false" value to "SSL":"true" for example:
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/audit-
export.log"},"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellSe
rver.yourdomain.com","port":"5540"}}}
Advanced Threat Prevention Syslog Event Types
Following are event types that are supported with the Syslog/SIEM Advanced Threats option
.
Application Control
This option is visible when the Application Control feature is enabled. Application Control events represent
actions occurring when the device is in Application Control mode. Selecting this option sends a message to the
Syslog server whenever an attempt is made to modify or copy an executable file, or when an attempt is made
to execute a file from an external device or network location.
Example Message for Deny PE File Change:
Example Message for Deny Execution from External Drive:
Devices
Select this option to send device events to the Syslog server.
When a new device is registered, two messages for this event are received: Registration and
SystemSecurity.
Example Message for Device Registered Event:
102