SOCFortress Integrations — Cynet EndPoint Protection.
Intro
SOCFortress integration and visualization tools allow security analysts the visualization and triage of Cynet EndPoint Protection security events using a single pane of glass.
About Cynet
Cynet is a cybersecurity company that offers a range of cybersecurity solutions and services to help organizations protect against cyber threats.
Some key features:
- Autonomous Breach Protection: Cynet is known for its Autonomous Breach Protection platform, which is designed to provide comprehensive cybersecurity defense. The platform combines various security technologies, including threat detection, response automation, and endpoint protection, to help organizations identify and mitigate threats quickly and effectively.
- Threat Detection and Response: Cynet’s platform uses advanced threat detection mechanisms to identify and respond to various types of cyber threats, including malware, ransomware, and advanced persistent threats. It often includes features like behavioral analysis and machine learning to detect anomalies and potential security incidents.
- Endpoint Security: Endpoint security solutions to protect individual devices (endpoints) within an organization’s network. These solutions may include antivirus, firewall, and other security features to secure laptops, desktops, servers, and mobile devices.
- Incident Response: Cynet offers incident response capabilities, allowing organizations to respond rapidly to security incidents and breaches. This can include automated incident detection and containment measures.
- Centralized Management: Centralized management console that enable organizations to monitor and manage their cybersecurity posture from a single interface.
Ingesting Cynet EndPoint Events
Reference: https://help.cynet.com/en/articles/91-sending-syslog-to-3rd-party-siem
Sending Syslog to 3rd-Party SIEM
You can configure the Cynet server to send alerts and audit logs via syslog to a 3rd party SIEM. Cynet can send syslog to an external SIEM server using one of the following transmission methods:
- UDP
- TCP Tracelog: Secured communication using TLS
- TCP: Use this method for testing purposes
When using TCP, you can also enable a secure connection: Cynet uses external SSL encryption between the Cynet server and the SIEM server.
Global operators can send syslog that includes information on all sites, or configure integration for each site separately. Sending syslog for each site can be configured from the global Settings page, or from each site, as detailed below.
To send syslog to an external SIEM:
- Navigate to Settings > Configuration > SIEM Settings.
- Select a transmission method: UDP, TCP Tracelog, or TCP.
- If you selected TCP, you can enable Secure Connection.
- Enter the IP address of the SIEM server.
- The default port is 514. If you enter a port other than 514, you must restart the Cynet services on the server to apply the change.
Click Add. - The server is added to the list of configured SIEM servers.
- Navigate to Settings > Advanced. Select the Send Audit Records to SIEM check box.
The external SIEM integration is set up.
Visualizations
Alerts summary:
Events by severity and cetagory:
Need Help?
The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html