Trellix ESM Syslog Connector | BI

Configure Trellix Syslog event forwarding

Trellix Enterprise Security Manager (ESM) is the foundation of the Trellix security information and event management solution (SIEM). You can create a connector to forward all data types to Trellix Enterprise Security Manager.

You must configure your Trellix SIEM Solution to receive Syslog data sources.

1. In BeyondInsight, go to Configuration > General > Connectors.

2. From the Connectors pane, click Create New Connector.

   

3. Enter a name for the connector.

4. Select Trellix Syslog Event Forwarding from the Connector Type list.

5. Click Create Connector.

6. Leave Active (yes) enabled.

7. Select an optional syslog facility from the list.

8. Provide the required details for the available output pipelines for the Trellix Syslog data source:

   • Select the protocol: TCP, TCP-SSL, or UDP.
   • Enter Host Name and Port.

9. Select an output format: NewLine Delimited, Tab Delimited, or Comma Delimited.

10. Expand Event Filters, and then select the events you want to forward.

11. Click Test Connector to send a test event message.

12. Click Create Connector.

ℹ️

For more information, see the Trellix documentation for configuring a Syslog data source to SIEM solution.