Integrate with Papertrail

In this topic, you will learn how to send Portnox™ Cloud alerts to the Papertrail SIEM solution.

Create a log destination in Papertrail

In this section, you will learn how to create a log destination in Papertrail and get information that is necessary to set up the integration with Portnox™ Cloud.

  1. Open your Papertrail dashboard in the browser.
  2. In the top menu, click on the Settings > Log Destinations option.

  3. In the Log Destinations pane, click on the Create Log Destination button to create a new log destination or, if Papertrail created a destination for you automatically upon first login, click on the Settings button in the tile representing that destination.

  4. In the Destination Settings pane:
    1. In the Accept logs from unrecognized systems? section, activate the Yes, recognize logs from new systems option.

    2. In the Accept connections via section, select the Port option and activate the Plain text checkbox in the UDP column. Then, click on the Update button to update your configuration.

  5. Back in the Log Destinations window, copy the domain name and the port of your Papertrail log destination and note them down in a temporary file.

  6. Use your operating system's commands to obtain the IP addresses that the domain name resolves to.
    • Windows PowerShell (recommended):

      Resolve-DnsName domain_name
    • Windows Command Prompt:

      nslookup domain_name
    • macOS/Linux:

      dig +short domain_name

    Then, select one of the IP addresses to use in Portnox Cloud and note it down in a temporary text file.

    Note: There are no criteria for selecting the address; you can simply pick one at random or, if the IP addresses are in different geographical regions, select the one closest to you using third-party services or commands.

Configure Portnox Cloud

In this section, you will learn how to configure Portnox™ Cloud to send alert data to the Papertrail collector.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the Cloud portal left-hand menu, click on the Integration Services > SIEM INTEGRATION SERVICE option.

  3. Create a new SIEM integration with Papertrail.
    1. In the SIEM integration service section, click on the Add new SIEM link.

      The NEW SIEM INTEGRATION section opens.

    2. In the Type field, select the Custom option.

    3. In the Name field, enter the name for the new integration.

      In this example, we used the name Papertrail but you can use any name you like.

    4. In the Status field, select the Enabled option.

    5. In the Protocol type field, select the Syslog over UDP option.

    6. In the IP field, paste the log destination IP that you noted down in the previous section.

    7. In the Port field, paste the port number that you noted down in the previous section.

    8. In the Communication method field, select the Direct option.

    9. In the Data format field, select the JSON option.

    10. Click on the Save button to add the integration.

    11. Optional: Test the configuration by clicking on the Test button.

  4. Optional: To configure the types of alerts sent to your SIEM solution, see the following topic: Portnox Cloud alerts.
    Note: To learn more about the content and format of alert messages sent to SIEM solutions, see the following topic: Format and content of alert information for SIEM.

    You can also send all of the Portnox Cloud activity log (activities performed by administrators in Portnox Cloud) to your SIEM solution. To do this, go to Troubleshooting > ACTIVITY LOG > Log Settings, activate the Activity log switch, and click on the Save button.

Result: Papertrail is receiving alerts from Portnox Cloud. You can verify this in the Papertrail Events pane.
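The following script is an added example, not code from Portnox or Papertrail. It reproduces the two technical pieces of the procedure above in one place: resolving the log destination's domain name to its IPv4 addresses (step 6 of the Papertrail section) and sending a test event in the same wire format the integration uses (Syslog over UDP with a JSON body, steps 5 and 9 of the Portnox section). It also adds a check the procedure does not mention: because Portnox Cloud is configured with a single pinned IP rather than the hostname, and plain-text UDP gives no delivery error, the script re-resolves the hostname and reports whether the pinned address is still one of the destination's addresses. The hostname, port, and JSON field names are assumptions and placeholders, not values from this page or Portnox's actual alert schema.

```python
"""Added example (not Portnox or Papertrail code): resolve a Papertrail log
destination, check that a pinned IP is still advertised for it, and send a
constructed JSON test event over plain-text syslog/UDP so it shows up in the
Papertrail Events pane."""

import json
import socket
from datetime import datetime, timezone

# Placeholders (assumed, not real): replace with the domain name and port
# copied from the Papertrail Log Destinations pane.
DESTINATION_HOST = "logsN.papertrailapp.com"
DESTINATION_PORT = 12345


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated IPv4 addresses for hostname
    (the equivalent of 'dig +short' / Resolve-DnsName in the procedure).
    The resolver is injectable so the logic can be exercised offline."""
    infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})


def pinned_ip_still_valid(hostname, pinned_ip, resolver=socket.getaddrinfo):
    """Portnox Cloud stores one IP, not the hostname. If the provider's
    address set changes, UDP delivery fails silently, so re-check
    periodically that the pinned address is still advertised."""
    return pinned_ip in resolve_ipv4(hostname, resolver)


def build_syslog_json(event, hostname="portnox-test", app="portnox",
                      facility=1, severity=6, timestamp=None):
    """Build an RFC 5424 syslog line whose MSG part is a JSON document,
    matching the 'Syslog over UDP' + 'JSON' settings in the procedure.
    PRI = facility * 8 + severity (1*8+6 = 14: user-level, informational).
    timestamp is an ISO 8601 string; defaults to the current UTC time."""
    ts = timestamp or datetime.now(timezone.utc).isoformat()
    pri = facility * 8 + severity
    payload = json.dumps(event, separators=(",", ":"), sort_keys=True)
    # "- - -" fills the empty PROCID, MSGID and STRUCTURED-DATA fields.
    return f"<{pri}>1 {ts} {hostname} {app} - - - {payload}"


def parse_syslog_json(line):
    """Reverse of build_syslog_json: return (pri, payload_dict). Used to
    confirm the wire format round-trips; Papertrail's parser is not involved."""
    if not line.startswith("<"):
        raise ValueError("missing PRI")
    pri_end = line.index(">")
    pri = int(line[1:pri_end])
    _header, _, msg = line[pri_end + 1:].partition(" - - - ")
    return pri, json.loads(msg)


def send_udp(line, ip, port):
    """Fire-and-forget: UDP gives no delivery confirmation, so the only real
    check is that the event appears in the Papertrail Events pane."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (ip, port))


if __name__ == "__main__":
    addresses = resolve_ipv4(DESTINATION_HOST)
    print("addresses:", addresses)
    chosen = addresses[0]  # any address is acceptable per the procedure's note
    # Constructed test event; field names are assumptions, not Portnox's schema.
    event = {"source": "added-example", "alert": "test", "severity": "info"}
    line = build_syslog_json(event)
    send_udp(line, chosen, DESTINATION_PORT)
    print("sent:", line)
    print("pinned IP still valid:", pinned_ip_still_valid(DESTINATION_HOST, chosen))
```

Run it once after saving the integration and look for the test line in the Events pane; scheduling the pinned_ip_still_valid check (for example from a cron job) catches the case where the destination's addresses change and the integration keeps sending to a stale IP without any error being reported.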