The Securonix platform depends on connections to your organization's activity data and enrichment data. It must be configured with connector libraries to ingest this data from various sources, including antivirus tools, data loss prevention tools, identity and access management tools, SIEMs, third-party intelligence and other data sources to support the out-of-the-box and custom use cases in your environment. The Data Integrator establishes and maintains these connections.
A senior security professional, such as a SOC Manager or Security Architect, must manage ongoing operations and maintain the health of the Unified Defense SIEM platform and Hadoop cluster (infrastructure). This guide describes how to determine the Unified Defense SIEM deployment options in a Hadoop cluster, install Unified Defense SIEM on Hadoop cluster, configure Hadoop components, configure the Unified Defense SIEM application, configure datasources, ingest data, grant role-based access to the application, define business continuity and disaster recovery capabilities, and use monitoring capabilities of the platform to identify and troubleshoot common issues.
Who This Guide is For
This guide is for data integrators and deployment engineers responsible for implementing the Securonix platform within an organization.
How This Guide is Organized
This guide describes the process of ingesting and enriching data, and setting up datasources.
User identity data is information about the user such as first name, last name, department, division, title, and manager. Unified Defense SIEM uses the user identity data to add context to events and activities. Additionally, this information is used during analytics to identify suspicious activities. User details from one or more identity data sources can be fed to the application.
Unified Defense SIEM ingests user identity data, correlates it, and detects anomalies indicative of different types of threats. Data ingested by the application is normalized and correlated to enable context-aware monitoring and analysis using advanced algorithms to identify threats.
Unified Defense SIEM provides connections to several different identity stores including directories, databases, delimited files, identity management systems, and identity governance technologies.
To Import User Data
- Configure the connection method for the tenant: You can use an existing connection or create a custom connection. See Connecting to User Data.
- Configure the User Import: This requires:
- Mapping the event data attributes with corresponding Unified Defense SIEM attributes.
- Setting conditional actions for user life cycle changes, white listing, and pre/post actions on identity data.
- Run the job: See Running the User Data Import Job.
- Review the user data (optional): Review the job status to ensure the data was uploaded successfully. See Reviewing the Imported User Data.
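The attribute mapping and life cycle conditional actions in the Configure User Import step are set in the console, but the logic they apply is easier to see in code. The following added example (not Securonix code; the column names, attribute names and sample rows are constructed assumptions) maps a pipe-delimited HR export onto the identity attributes the guide lists, rejects rows that lack a required attribute instead of dropping them silently, and classifies each user as a joiner, leaver or changed record against the previous import:

```python
import csv
import io

# Constructed sample HR exports (column names and values are assumptions, not
# Securonix defaults): a previous snapshot and the current pipe-delimited file.
PREVIOUS_EXPORT = """emp_id|fname|lname|dept|div|job_title|mgr_id|status
1001|Ana|Ruiz|Finance|EMEA|Analyst|1000|active
1003|Cy|Lee|Finance|EMEA|Controller|1001|active
"""
CURRENT_EXPORT = """emp_id|fname|lname|dept|div|job_title|mgr_id|status
1001|Ana|Ruiz|Finance|EMEA|Senior Analyst|1000|active
1002|Ben|Ota|Security|APAC|SOC Engineer|1000|active
1003|Cy|Lee|Finance|EMEA|Controller|1001|terminated
1004|Dee||Ops|EMEA|Lead|1000|active
"""

# Source column -> identity attribute (the attributes the guide lists).
COLUMN_MAP = {"emp_id": "employeeid", "fname": "firstname", "lname": "lastname",
              "dept": "department", "div": "division", "job_title": "title",
              "mgr_id": "managerid", "status": "status"}
REQUIRED = ("employeeid", "firstname", "lastname")

def map_users(text, delimiter="|"):
    """Parse a delimited export and rename its columns via COLUMN_MAP.
    Rows missing a required attribute are returned as rejects, not dropped silently."""
    users, rejected = {}, []
    for raw in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        user = {COLUMN_MAP[k]: (v or "").strip() for k, v in raw.items() if k in COLUMN_MAP}
        if any(not user.get(attr) for attr in REQUIRED):
            rejected.append(raw)
            continue
        users[user["employeeid"]] = user
    return users, rejected

def lifecycle_changes(previous, current):
    """Classify each user as joiner, leaver or changed between two imports;
    this is where conditional actions (e.g. flagging a leaver) would hook in."""
    changes = {}
    for uid, user in current.items():
        old = previous.get(uid)
        if old is None:
            changes[uid] = "joiner"
        elif user["status"] == "terminated" and old["status"] != "terminated":
            changes[uid] = "leaver"
        elif user != old:
            changes[uid] = "changed"
    for uid in previous.keys() - current.keys():
        changes[uid] = "leaver"          # present last time, gone from the feed now
    return changes
```

Reviewing the rejected rows after each run is the same check the guide describes under Reviewing the Imported User Data: a silently dropped identity means events for that user lose their context.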
Before You Begin
Prior to importing data from a file, ensure you have the following information:
- File name, location, type (fixed length), and file delimiter
- The connection method, host IP address, port number, credentials, and source directory if the file is located on a remote server
- The URL and credentials for the proxy server if the remote server is a proxy server
To Import User Data from a File
- Go to Menu > Add Data > User. The User Import screen appears.
- Click New Connection to create a new connection.
- Complete the following information in the Connection Method section:
- For Connection Method, choose File.
- For Connection Name, provide a unique name so the connection can be easily identified.
- From the Import Using drop-down, choose the Remote Ingester name. The Console option is used only for file uploads from the browser for testing purposes.
- Complete the requested information in the Connection Properties section. See Connection Settings - File for additional details.
- Click Save & Next. The Configure User Import screen appears.
Next Steps
- See Configuring the User Import to map event attributes with corresponding Unified Defense SIEM attributes and set conditional actions.