Janrain SIEM Integration Technical Specifications

Technical specifications for Janrain SIEM Integration are summarized as follows:

| Specification | Description |
|---|---|
| Protocol | SFTP (Secure File Transfer Protocol). SFTP uses Secure Shell (SSH) to authenticate and establish secure network connections. |
| Supported Formats | Format of the data payload sent to the client-provided endpoint. Allowed values are Common Event Format (CEF) Version 0 and Log Event Extended Format (LEEF) Version 2. |
| Character Encoding | UTF-8, a standard method for encoding Unicode characters. |
| Minimum Log Upload Interval | Minimum interval at which SIEM event log files are uploaded to an SFTP server. The default value is 1 minute. |
| Maximum Log Upload Interval | Maximum interval at which SIEM event log files are uploaded to an SFTP server. The default value is 1 day. |
| Filename Format | Filename pattern for event log files uploaded to the SFTP server. |

The filename pattern looks like this:

JANRAIN_SIEM_APP_ID_TIME_STAMP.log

Where TIME_STAMP is the number of UTC milliseconds since the Unix epoch. In the case of batch delivery, this value is derived from the timestamp of the first message in the batch.

In case you’re wondering, the Unix epoch represents the number of seconds that have elapsed since midnight on January 1, 1970 UTC (Coordinated Universal Time). For example, shortly before 8:00 AM on December 14, 2017 (Pacific Standard Time) the Unix epoch stood at 1513266008000 seconds. To determine the number of milliseconds in the Unix epoch, multiply the number of seconds by 1000: 1513266008000 x 1000 = 1513266008000000 milliseconds. 

Assuming you have the application ID htb8fuhxnf8e38jrzub3c7pfrr, that means that the log file for December 14, 2017 would have this name:

JANRAIN_SIEM_htb8fuhxnf8e38jrzub3c7pfrr_1513266008000000.log
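On the receiving side, the filename pattern and the default maximum upload interval can be used to check that log delivery is intact. The following is an added example, not Janrain's own code: it audits a listing of the SFTP drop directory for unexpected filenames, delivery gaps and stale sources. The function names, the assumed application ID character set and the sample timestamps are constructed for illustration.

```python
import re

# Filename pattern from the page: JANRAIN_SIEM_<APP_ID>_<TIME_STAMP>.log
# Assumption: application IDs are lowercase letters and digits, as in the page's example.
NAME_RE = re.compile(r"JANRAIN_SIEM_([a-z0-9]+)_([0-9]+)\.log")
DAY_MS = 24 * 60 * 60 * 1000  # default maximum upload interval (1 day), in milliseconds

def parse_name(filename):
    """Return (app_id, timestamp_ms), or None when the name does not fit the pattern."""
    m = NAME_RE.fullmatch(filename)
    return (m.group(1), int(m.group(2))) if m else None

def audit_drop(filenames, expected_app_ids, now_ms, max_gap_ms=DAY_MS):
    """Audit a directory listing of the SFTP drop location.

    unexpected: names that do not fit the pattern or carry an unknown application ID
    gaps:       (app_id, earlier_ts, later_ts) where consecutive files are further
                apart than max_gap_ms (a quiet period with no events looks the same)
    stale:      expected application IDs with no file newer than now_ms - max_gap_ms
    """
    by_app = {app: [] for app in expected_app_ids}
    unexpected = []
    for name in filenames:
        parsed = parse_name(name)
        if parsed is None or parsed[0] not in by_app:
            unexpected.append(name)
        else:
            by_app[parsed[0]].append(parsed[1])
    gaps, stale = [], []
    for app, stamps in sorted(by_app.items()):
        stamps.sort()
        gaps += [(app, a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap_ms]
        if not stamps or now_ms - stamps[-1] > max_gap_ms:
            stale.append(app)
    return {"unexpected": unexpected, "gaps": gaps, "stale": stale}

# Constructed sample listing; the timestamps are made up for this example.
APP = "htb8fuhxnf8e38jrzub3c7pfrr"  # application ID used in the page's example
T0 = 1700000000000
SAMPLE = [
    f"JANRAIN_SIEM_{APP}_{T0}.log",
    f"JANRAIN_SIEM_{APP}_{T0 + 60_000}.log",               # one minute later
    f"JANRAIN_SIEM_{APP}_{T0 + 60_000 + 2 * DAY_MS}.log",  # two days later: gap
    f"JANRAIN_SIEM_unknownapp01_{T0}.log",                 # application ID not expected
    f"JANRAIN_SIEM_{APP}_{T0}.log.tmp",                    # does not fit the pattern
]
NOW = T0 + 60_000 + 2 * DAY_MS + 3_600_000  # one hour after the newest file

if __name__ == "__main__":
    print(audit_drop(SAMPLE, {APP}, NOW))
```

Because a batch file is named after its first message, a reported gap is a prompt to check the source, not proof that events were lost.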