Reference Guide
Navigate the Dell Server
• threat_changed: The behavior of an existing threat has changed (examples: Score, Quarantine
Status, Running Status).
Example Message of Threat Event:
Threat Classifications
Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs
(PUPs). If this option is selected, you subscribe to be notified when these events occur.
Example Message of Threat Classification:
Security Information and Event Management (SIEM)
Specifies the type of Syslog server or SIEM that events are to be sent to.
Protocol
This must match what is configured on your Syslog server. The choices are UDP or TCP. UDP is
generally not recommended as it does not guarantee message delivery. Dell recommends TCP
(default).
TLS/SSL
Only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in
transit from Advanced Threat Prevention to the Syslog server. Dell encourages customers to select this
option. Ensure that the Syslog server is configured to listen for TLS/SSL messages. To use TLS/SSL, it
is necessary to configure the Syslog server and import certificates. For more information, see
Export Audit Events with TLS/SSL over TCP.
IP/Domain
Specifies the IP address or fully-qualified domain name of the Syslog server that the customer has
set up. Consult with your internal network experts to ensure firewall and domain settings are properly
configured.
Port
Specifies the port number on the devices that the Syslog server listens on for messages. It must be a
number between 1 and 65535. Typical values are: 512 for UDP, 1235 or 1468 for TCP, and 6514 for
Secured TCP (example: TCP with TLS/SSL enabled).
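The Protocol, TLS/SSL, IP/Domain, and Port rules above can be checked together before the settings are saved. The following is an added example, not part of the Dell guide or product; the field names (protocol, tls, host, port) and both sample configurations are assumptions constructed for illustration.

```python
# Added example: pre-flight check of Syslog/SIEM export settings.
# Field names (protocol, tls, host, port) are hypothetical, not the product's schema.
import ipaddress
import re

# Typical ports as listed in the guide, keyed by (protocol, TLS enabled).
TYPICAL_PORTS = {("UDP", False): {512}, ("TCP", False): {1235, 1468}, ("TCP", True): {6514}}
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def _valid_host(host):
    try:
        ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        return bool(FQDN_RE.match(host))  # otherwise require a dotted FQDN


def check_syslog_settings(cfg):
    """Return a list of (level, message) findings; level is 'error' or 'warn'."""
    findings = []
    proto = str(cfg.get("protocol", "")).upper()
    tls = bool(cfg.get("tls", False))
    port = cfg.get("port")
    if proto not in ("UDP", "TCP"):
        findings.append(("error", "protocol must be UDP or TCP"))
    if tls and proto != "TCP":
        findings.append(("error", "TLS/SSL is only available with TCP"))
    if proto == "UDP":
        findings.append(("warn", "UDP does not guarantee message delivery"))
    if proto == "TCP" and not tls:
        findings.append(("warn", "events are not encrypted in transit"))
    if not isinstance(port, int) or isinstance(port, bool) or not 1 <= port <= 65535:
        findings.append(("error", "port must be a number between 1 and 65535"))
    elif port not in TYPICAL_PORTS.get((proto, tls), {port}):
        findings.append(("warn", f"port {port} is not a typical value for this transport"))
    if not _valid_host(str(cfg.get("host", ""))):
        findings.append(("error", "host must be an IP address or FQDN"))
    return findings


# Constructed sample settings: a weak configuration beside a hardened one.
WEAK = {"protocol": "udp", "tls": True, "host": "siem", "port": 70000}
HARDENED = {"protocol": "TCP", "tls": True, "host": "syslog.example.com", "port": 6514}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_syslog_settings(cfg))
```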
Severity