When you configure your Tufin Orchestration Suite to send log data to USM Appliance, you can use the Tufin Orchestration Suite plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | Tufin |
| Device Type | Endpoint Security |
| Connection Type | Syslog |
| Data Source Name | Tufin |
| Data Source ID | 1878 |
Integrating Tufin Orchestration Suite
Before you configure the Tufin Orchestration Suite integration, you must have the IP address of the USM Appliance Sensor.
To configure Tufin Orchestration Suite to send syslog messages to USM Appliance:
- From the Tufin Orchestration Suite UI, select Settings > Configuration > Notifications.
- On the Configure Servers display page, enter the USM Appliance IP or hostname in the Syslog Server field.
- On the Policy Change Notifications display page, select Send by syslog (and/or Send by SNMP Traps). These selections affect the "New revision saved" and "New revision installed" events.
- On the SecureTrack Administrative Alerts display page, select Send by syslog (and/or Send by SNMP Traps). These selections affect all events except for the "New revision saved" and "New revision installed" events.
- Click Save.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
https://forum.tufin.com/support/kc/latest/index.htm?toc.htm?4827.htm?zoom_highlight=remote+syslog
For troubleshooting, refer to the vendor documentation:
https://forum.tufin.com/support/kc/latest/index.htm?toc.htm?troubleshooting_securetrack.htm