Nebula platform & SIEM integration

icsaucoapsa Posts: 4
edited March 2023 in Nebula

Hi,

I wondered if (and how) it is possible to integrate the Nebula platform log into a SIEM (maybe through the Open API?)

Thanks for sharing!

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,589  Zyxel Employee

    Hi @icsaucoapsa,

    Which log do you want to integrate?

    If you want to receive the device's logs, you could consider using the Syslog service to get the logs.

    You can set up this feature in Site-wide > General setting > Reporting > Syslog Server.

    Hope it helps.

    Zyxel Melen

  • Hi Melen,

    Thanks for your quick answer.

    In fact I'd like to integrate platform log (users log-in, change and delete from Nebula) as well as device (AP, switch…) state logs and client connections on AP.

    Does this mean that I need to collect syslog (and/or) API from the Nebula portal and also directly (syslog) from every single device?

    In that case, it means I should create a VPN from each site to my central SIEM + a secure link from Nebula Cloud.

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,589  Zyxel Employee

    Hi @icsaucoapsa,

    Apologies for the late reply.

    May I know why you would like to integrate the Nebula platform log into a SIEM?
    Is it for the information security audit? If yes, could you PM me what modus will be used to audit the platform logs? So I can help to clarify how to fulfill your requirement.

    For the device logs, you just need to configure the Syslog server setting in Site-wide > General setting > Reporting > Syslog Server. This will apply to all devices in your site.

    Zyxel Melen

  • Hi Melen,

    My time to apologize…

    Yes, it is for information security purposes. I'll DM you when I get the detailed case defined.

    Regarding syslog:

    • Each device will send its syslog flow to the defined address individually, right?
    • Would it be possible that each device sends its logs to Nebula and that Nebula sends all of these syslogs aggregated to the syslog server of the customer?

    Regards,

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,589  Zyxel Employee
    Answer ✓

    Hi @icsaucoapsa,

    Thanks for your feedback. I will wait for your DM.

    About your question:

    • Each device will send its syslog flow to the defined address individually, right?
      > Yes, each device will send its syslog to the defined address individually.
    • Would it be possible that each device sends its logs to Nebula and that Nebula sends all of these syslogs aggregated to the syslog server of the customer?
      > Actually, the device will send syslog to the syslog server directly when you enable the syslog setting. It will also periodically update the syslogs to Nebula.

    Zyxel Melen
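
Because each device sends its syslog directly to the configured server, as the answer above says, any aggregation has to happen on the receiving side. The following is an added example (not from this thread and not Zyxel code) of a receiver that tags each datagram with its sending device and merges the per-device flows into one stream for a SIEM. The RFC 3164-style message bodies, host names and IP addresses are constructed, since the thread does not show the devices' log format.

```python
import json
import re
from collections import defaultdict

# RFC 3164 framing: "<PRI>" followed by the rest of the message.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_datagram(data: bytes, src_ip: str) -> dict:
    """Decode one syslog datagram and tag it with the sending device's IP."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        # No valid PRI: keep the raw line and apply the RFC 3164 default, user.notice (13).
        pri, body = 13, data
    else:
        pri, body = int(m.group(1)), m.group(2)
    return {
        "device": src_ip,
        "facility": pri >> 3,            # upper bits of PRI
        "severity": SEVERITIES[pri & 7],  # lower three bits of PRI
        "message": body.decode("utf-8", errors="replace").strip(),
    }


def aggregate(datagrams):
    """Merge per-device flows into one JSON-lines stream plus per-device counts."""
    counts = defaultdict(int)
    lines = []
    for data, src_ip in datagrams:
        event = parse_datagram(data, src_ip)
        counts[event["device"]] += 1
        lines.append(json.dumps(event, sort_keys=True))
    return lines, dict(counts)


# Constructed sample input: (datagram, source IP) pairs as a UDP listener would see them.
SAMPLE = [
    (b"<134>Mar  1 10:00:01 ap-lobby wlan: station associated", "192.0.2.10"),
    (b"<131>Mar  1 10:00:02 sw-core port: link down on port 7", "192.0.2.20"),
    (b"<134>Mar  1 10:00:05 ap-lobby wlan: station disassociated", "192.0.2.10"),
    (b"no priority header", "192.0.2.30"),
]

if __name__ == "__main__":
    lines, counts = aggregate(SAMPLE)
    print("\n".join(lines))
    print(counts)
```

The per-device counts give a simple check that every device on a site is actually reaching the collector after the Syslog Server setting is applied.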
