Setting Up and Configuring Janrain SIEM Integration

You will work with your Janrain representative to determine the optimal way to deploy SIEM Integration; this determination will be based on both your needs and your infrastructure. As a general rule, you configure your SIEM software; meanwhile, Janrain support personnel will configure the SIEM implementation and set up an SFTP server for your organization’s exclusive use.

Each organization will have a separate SIEM Integration project and configuration file; the configuration file is used to manage event delivery. At the present time, the configuration file is not exposed to organizations: if you want to make a change to your configuration file you will need to ask Janrain to make that modification. The file itself contains the following settings:

Setting Name

Description

Default Value

Required

remote_host

Remote hostname or IP address.

Yes

remote_port

Remote host TCP port.

22

No

remote_username

Remote host username.

No

remote_password

Remote host password.

No

rsa_key

Private RSA key for authentication with Janrain’s SFTP server.

Yes

remote_dir

Local path where log files will be uploaded.

/

No

upload_interval

Time interval (in seconds) for logs to be uploaded to the SFTP server. This value is currently not configurable.

1

No

event_format

Data format for SIEM events (can be CEF or LEEF).

CEF

No

severity

Integer value from 1 (lowest severity) to 10 (highest severity).

*

category

Event category; for example, Email, Identity, Profile, etc.

 *

role

Either user or admin.

*

Contact your Janrain representative for more information.

* See the Events Type table for more information