Sending logs to SIEM Product

Document ID : KB000102332
Last Modified Date : 09/07/2018
Question:
Is it possible to filter security event data before sending it to a SIEM product such as Splunk?
Answer:
Security event data can be filtered by the Policy Statement Event Selections and Test Conditions. In addition, the Compliance Event Manager SIEM Policy Actions let you select which security event data is sent to a SIEM application such as Splunk. Once the Policy event selection criteria and the SIEM Policy Action are set up to select the security event data to be sent to the SIEM application, no further filtering can be done.