SIEM Integration with Graylog

Pre-requisites

To begin integrating Enpass with Graylog,ensure that you have configured GELF HTTP Input (Graylog Extended Log Format over HTTP - Graylog Documentation) and it’s following details:

• HTTP Endpoint URL
• Secret Token

Configure Enpass Admin Console to Send Event Logs to Graylog

1. Log in to your Enpass Admin Console.
2. Navigate to Settings > SIEM (Event Logs)
   
3. Click the Configure button under the SIEM Integration section.
   
4. Select Graylog then click Continue.
   
5. Enter the following details:
   
   • URL: Enter your GELF Log Ingetion URL
   • Token: Enter your secret token ( System automatically adds "Bearer" prefix, so enter only the token value)
   
   
6. Click Verify & Save to complete the integration.

Once configured, Enpass will begin sending event logs to your Graylog server automatically.

Related topics

• Getting started with Event Logs
• Graylog Configuration