This article walks you through setting up the export of data from Nucleus to a syslog/SIEM tool such as Splunk, ArcSight, InsightIDR, or any other SIEM. Exporting data from Nucleus allows organizations to analyze their vulnerability data and alerts within the context of their larger environment. Because Nucleus analyzes the vulnerability data before it is imported into the SIEM, much of the noise is weeded out and the SIEM receives actionable alert data specific to vulnerability management.
This also gives every team the information it needs to do its job. Nucleus is not a closed box; we like to play well with other technologies, connecting the vulnerability management workflow from start to finish.
You can set up your syslog/SIEM connector by doing the following:
1. Log into Nucleus
2. Navigate to Project Administration > Connectors
3. Click on the Syslog connector panel
4. Enter in the following information, and then click Save:
- Syslog Server: Enter the URL or IP address of your syslog/SIEM tool
- Syslog Port: Enter the port on which your SIEM server is listening for traffic
- Timeout: Enter how long Nucleus should wait for a message to reach the syslog server
- Optional: Asset and Vulnerability status. These filters determine which syslog traffic is sent to your SIEM server, so you can limit the export to the kinds of events you want
5. Click Save Changes
6. Click Send Test Message
7. Log into your SIEM and confirm that the test message arrived
8. Close the pop-up
Your syslog connector is now set up! You should see vulnerability information and alerts come in as new vulnerability scans are ingested into Nucleus!
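If the test message from step 6 does not show up in your SIEM, a minimal listener on the port you entered in step 4 tells you whether Nucleus is reaching the host at all, separating a connector problem from a SIEM parsing problem. The following is an added example, not Nucleus's own code: it assumes the connector sends over UDP with RFC 3164-style `<PRI>` framing (neither transport nor format is stated on this page), and the sample message it sends to itself is constructed.

```python
"""Minimal syslog receiver for checking that a Nucleus test message arrives."""
import re
import socket

# RFC 3164-style framing: "<PRI>TIMESTAMP HOST MESSAGE". The exact format
# Nucleus emits is not documented on the page; this parser is an assumption.
_SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$", re.S)


def parse_syslog(raw: bytes) -> dict:
    """Split the PRI field into facility/severity and return the remaining text."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = _SYSLOG_RE.match(text)
    if not m:
        # Not syslog-framed: keep the text so the operator still sees what arrived.
        return {"facility": None, "severity": None, "message": text}
    pri = int(m.group("pri"))
    if pri > 191:  # facility (0-23) * 8 + severity (0-7) never exceeds 191
        raise ValueError(f"PRI out of range: {pri}")
    return {"facility": pri // 8, "severity": pri % 8, "message": m.group("rest")}


def open_listener(port: int, host: str = "0.0.0.0") -> socket.socket:
    """Bind a UDP socket on the port configured in the Syslog Port field."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def receive_one(sock: socket.socket, timeout: float = 30.0) -> dict:
    """Wait for a single datagram and return the parsed message plus its source IP."""
    sock.settimeout(timeout)  # mirrors the connector's own Timeout setting
    data, peer = sock.recvfrom(65535)
    result = parse_syslog(data)
    result["source"] = peer[0]
    return result


def loopback_self_test() -> dict:
    """Send a constructed message to the listener over loopback and return what it parsed."""
    sample = b"<134>Nov  7 10:15:00 nucleus Nucleus syslog connector test message"  # constructed
    with open_listener(0, "127.0.0.1") as sock:
        port = sock.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
            sender.sendto(sample, ("127.0.0.1", port))
        return receive_one(sock, timeout=5.0)


if __name__ == "__main__":
    print(loopback_self_test())
```

For a real check, replace the self-test with `receive_one(open_listener(<port>))` on the SIEM host (or any host you temporarily point the connector at), click Send Test Message, and compare the returned `source` with your Nucleus server's address.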