Setup Guide



54

DellProtectedWorkspaceManagementServer–InstallandConfigure–v2.2

ConfiguringtheThreatsModulewiththeCorrectSYSLOGformat

TheDPWMSThreatsModuleisabletosendThreatReportinformationtoSIEMsystemsinafewdifferentformatsto

bettersuitthereceivingSIEMsystem.AvailableformatsareSplunk,Q1Labs,Arcsight andRSAEnvision.

Tosettheproperloggingformat,selectthePluginsmenufromtheThreatData

tab.



FromthePluginSettingsdialog,locatetheentryforformatsunderthealertsheaderandmakesurethatthe“Enabled”

boxischecked.Ifnot,checktheboxandrestarttheDPWMS(ims2)service.Now,modifythislinetothecorrectformat

(onlyoneshouldbeselected.Allfour

aredisplayedbydefault,andshouldbemodifiedtothecorrectselection):

 sp=Splunk

 q1=Q1Labs

 arst=Archsight

 env=RSAEnvision

Optionally,modifythelognameentrytocreateacustomsearchwordintheSYSLOGentry.Thislognameisincludingat

thebeginningoftheSYSLOGmessagesgeneratedbytheThreatsModule.



Pressthe“Save”buttonandclosethedialogoncethechangeshavebeenmade.