DarkTrace

Configuring DarkTrace IDS Syslog

To configure Darktrace to send Syslog to the BluSapphire Log Collector, you must be a Darktrace administrator with access to the user interface.

1. Log in to the Darktrace interface.

2. Expand the top left menu and select Admin, a second menu appears.

3. Select the System Config page.

4. In the “Alerting” section, click the Verify Alert Settings button.

5. In “JSON Syslog Alerts,” set the field to True.

6. Set the JSON Syslog server to the IP address of the “Log Collector”.

7. Set the JSON Syslog server port <port>. Check Appendix A for default port.

8. Set “JSON Syslog TCP Alerts” to True.

Last updated 1 month ago