Reference Guide
Navigate the Dell Server
Threats
Select this option to log any newly found threats, or changes observed for any existing threat, to the Syslog server. Changes include a threat being Removed, Quarantined, Waived, or Executed.
There are five types of Threat Events:
• threat_found: A new threat has been found in an Unsafe status.
• threat_removed: An existing threat has been Removed.
• threat_quarantined: A new threat has been found in the Quarantine status.
• threat_waived: A new threat has been found in the Waived status.
• threat_changed: The behavior of an existing threat has changed (examples: Score, Quarantine Status, Running Status).
Example Message of Threat Event:
Threat Classifications
Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs (PUPs). If
this option is selected, you subscribe to be notified when these events occur.
Example Message of Threat Classification:
Security Information and Event Management (SIEM)
Specifies the type of Syslog server or SIEM that events are to be sent to.
Protocol
This must match what is configured on your Syslog server. The choices are UDP or TCP. UDP is generally not
recommended as it does not guarantee message delivery. Dell recommends TCP (default).
TLS/SSL
Only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in transit
from Advanced Threat Prevention to the Syslog server. Dell encourages customers to select this option.
Ensure that the Syslog server is configured to listen for TLS/SSL messages. To use TLS/SSL, it is necessary to configure the Syslog server and import certificates. For more information, see Export Audit Events with TLS/SSL over TCP.
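As an added example, not taken from the Dell guide, this is what the receiving side of the Protocol and TLS/SSL settings above can look like on an rsyslog server: a plain UDP listener, which the guide advises against, shown beside a TCP listener that accepts TLS only, which is what the TLS/SSL option requires. The host name, port and certificate paths are assumed values, and rsyslog itself is an assumption; the guide does not name a particular Syslog server.

```conf
# --- Weak: plain UDP on 514 (no delivery guarantee, no encryption) ---
# Shown only for contrast with the setting the guide recommends against.
# Remove this block once the Dell Server is switched to TCP with TLS/SSL.
module(load="imudp")
input(type="imudp" port="514")

# --- Recommended: TCP with TLS (Protocol=TCP plus TLS/SSL on the Dell Server) ---
# Assumed certificate files: the CA that issued both the Dell Server's and
# this server's certificates, plus this server's own certificate and key.
# These are the certificates the guide says must be imported before TLS/SSL works.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/syslog-server.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/syslog-server.key"
)

# StreamDriver.Mode="1" means TLS only: a plaintext TCP connection is refused,
# so a Dell Server left on TCP without TLS/SSL will fail to deliver rather than
# silently send threat events in the clear.
# AuthMode x509/name also checks the sender's certificate name against
# PermittedPeer, so only the Dell Server (assumed name below) can submit events.
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["dell-server.example.com"])

# Assumed port; 6514 is the registered syslog-over-TLS port. Whatever is chosen
# here must match the port entered on the Dell Server's Syslog settings page.
input(type="imtcp" port="6514")

# Write the Threat Event and Threat Classification messages to their own file
# so the SIEM named in the settings above can collect them separately.
action(type="omfile" file="/var/log/dell-atp-syslog.log")
```

After restarting rsyslog, check the listener with `ss -tlnp | grep 6514` and watch the file for the first threat_found or threat_changed message to confirm the Dell Server's TLS handshake is accepted.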