Integrating ArcSight SIEM CEF with Cloud Suite

ArcSight Common Event Format (CEF) is an industry-standard log event format used for exchanging security-related events between different systems, including SIEM solutions. CEF provides a common structure for representing security events, making it easier to collect, aggregate, and analyze log data from various sources.

The integration between Delinea Cloud Suite Privilege Access Management (PAS) Events and ArcSight CEF enhances security monitoring and incident response capabilities by aggregating and correlating Delinea Cloud Suite events within the ArcSight SIEM system. It helps organizations detect and respond to potential security incidents, enforce security policies, and meet compliance requirements.

Integration Keynotes:

  • Delinea Cloud Suite PAS Event Generation: Delinea Cloud Suite generates various events, such as privileged account logins, privilege elevation requests, password checkouts, and privileged session activities. These events capture important details about privileged access activities within Delinea PAS.

  • CEF-formatted Event Export: Delinea Cloud Suite exports the PAM events in CEF format, which includes standardized event fields and metadata. The CEF-formatted events contain relevant information, such as event type, timestamp, source IP, user identity, and action details.

  • Event Collection by ArcSight SIEM: ArcSight SIEM collects the CEF-formatted events from Delinea Cloud Suite, either through event forwarding mechanisms or by directly consuming log data from Delinea Cloud Suite log sources.

  • Event Aggregation and Correlation: ArcSight SIEM aggregates the Delinea Cloud Suite events with other security events from various sources. It correlates the events based on common attributes, such as source IP, user identity, or event type, to identify potential security incidents or patterns of suspicious behavior.

  • Alerting and Incident Response: ArcSight SIEM can trigger alerts or notifications based on predefined correlation rules and thresholds. Security teams can investigate and respond to the alerts, taking appropriate actions to mitigate any potential security threats.

  • Reporting and Compliance: The integration allows organizations to generate comprehensive reports and meet compliance requirements by leveraging ArcSight's reporting and auditing capabilities. It provides visibility into Delinea Cloud Suite events and supports security audits and regulatory compliance assessments.
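As an added illustration (not Delinea or ArcSight code), the sketch below parses CEF records and applies a simple threshold correlation on user identity and source IP, the kind of rule described in the list above. The vendor, product and event class ID strings are constructed placeholders, the function names are hypothetical, and `src`, `suser`, `rt` and `msg` are standard CEF extension keys.

```python
import re
from collections import Counter

HEADER = "version vendor product device_version event_class_id name severity".split()
# key=value pairs; a value runs until the next " key=" or the end of the line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*)(?=\s\w+=|$)")

def parse_cef(line):
    """Parse one CEF record (optionally behind a syslog prefix) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    body, fields, buf, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            buf.append(body[i + 1])  # escaped pipe or backslash in a header field
            i += 1
        elif body[i] == "|":
            fields, buf = fields + ["".join(buf)], []
        else:
            buf.append(body[i])
        i += 1
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, fields))
    event["ext"] = {k: re.sub(r"\\([=\\])", r"\1", v)
                    for k, v in EXT_RE.findall(body[i:].strip())}
    return event

def flag_repeated_failures(lines, threshold=3):
    """Return {(user, src_ip): count} for failed logins at or above threshold."""
    counts = Counter()
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue  # skip non-CEF noise in the feed
        if ev["event_class_id"] == "example.login.fail":
            counts[(ev["ext"].get("suser"), ev["ext"].get("src"))] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

# Constructed sample feed: vendor, product and event class IDs are placeholders.
FAIL = "CEF:0|ExampleVendor|ExamplePAS|1.0|example.login.fail|Login failed|7|"
SAMPLE = [FAIL + f"src=203.0.113.7 suser=alice rt={1700000000000 + n}" for n in range(3)] + [
    FAIL + "src=198.51.100.4 suser=bob msg=bad password",
    r"<134>host CEF:0|ExampleVendor|ExamplePAS|1.0|example.checkout|Checkout \| root|5|"
    r"src=198.51.100.4 suser=bob msg=reason\=patching window",
    "not a CEF line",
]
```

Calling `flag_repeated_failures(SAMPLE)` flags only the user and source IP pair that reached the threshold; the escaped `\|` and `\=` in the checkout record show why naive splitting on `|` or `=` corrupts fields.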
