
SIEM Integration

SureMDM can forward its logs to a Security Information and Event Management (SIEM) system, so that device-management events are correlated alongside the rest of the organization's security telemetry and mobile-fleet activity can be monitored, detected on, and responded to from the same place as network and host events. The SIEM integration currently supports one tool, Splunk: SureMDM pushes its system activity logs and device activity logs to Splunk through Splunk's HTTP Event Collector (HEC).

Splunk Configuration

To configure in Splunk, follow these steps:

  1. Navigate to Splunk and create an account.

  2. After the successful creation of an account, go to Instances and click Access Instances.

  3. Click Settings > Data Inputs.

  4. In the Data Inputs section, click HTTP Event Collector.

  5. In the HTTP Event Collector section, click New Token.

  6. Enter a Name and click Next.

  7. In the Input Settings section, select the following options and click Review.

  • Source Type - Automatic
  • App Context - Search & Reporting (search)
  • Index - main

  8. Check the entered details and click Submit.

    The token is generated and displayed as Token Value.

  9. Navigate back to the HTTP Event Collector section and click Global Settings.

  10. In the Edit Global Settings prompt, set All Tokens to Enabled and click Save.

  11. In the HTTP Event Collector section, copy the Token Value and the URL (displayed in the browser's address bar).

note

The Token Value and URL copied in step 11 are used when configuring SIEM settings in the SureMDM Web Console. Treat the Token Value as a credential: anyone holding it can write events into the index the token is bound to.
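Before pasting the Token Value and URL into SureMDM, it is worth confirming from the command line that the HEC endpoint accepts them, since a disabled token or a wrong port shows up in SureMDM only as an absence of events a day later. The script below is an added example written for this page, not SureMDM or Splunk code: it normalizes the copied URL to the HEC event endpoint (assuming Splunk's default HEC port 8088 when the URL carries none), checks the token has the UUID shape HEC tokens use, posts one constructed SureMDM-style log record with the Source Type and Source values used later in this page, and interprets Splunk's reply code. The sample record and the host name `suremdm` are assumptions for illustration.

```python
"""Smoke-test a Splunk HTTP Event Collector token/URL pair before using it in SureMDM."""
import json
import re
import ssl
import sys
import urllib.error
import urllib.parse
import urllib.request

# HEC tokens are UUIDs; anything else is a copy/paste error, not a Splunk token.
HEC_TOKEN_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

# Subset of the reply codes documented for the HEC endpoint, with the usual fix.
HEC_CODES = {
    0: "Success",
    1: "Token disabled (set All Tokens to Enabled under Global Settings)",
    2: "Token is required (Authorization header missing)",
    4: "Invalid token (re-copy the Token Value)",
    6: "Invalid data format (payload is not valid HEC JSON)",
    7: "Incorrect index (token may not write to this index)",
}


def is_valid_token(token):
    """True if the string has the UUID shape of a HEC token."""
    return bool(HEC_TOKEN_RE.match(token.strip()))


def hec_event_url(host_url, default_port=8088):
    """Turn the URL copied from the HEC page into the event endpoint.

    Only https is accepted: the token is a bearer secret and must not cross
    the wire in clear. A missing port is assumed to be 8088, Splunk's default HEC port.
    """
    parsed = urllib.parse.urlparse(host_url if "://" in host_url else "https://" + host_url)
    if parsed.scheme != "https":
        raise ValueError("HEC Host URL must use https, got %r" % parsed.scheme)
    if not parsed.hostname:
        raise ValueError("HEC Host URL has no host")
    port = parsed.port or default_port
    return "https://%s:%d/services/collector/event" % (parsed.hostname, port)


def build_event(record, sourcetype="UEMLogs", source="42Gears", host="suremdm"):
    """Wrap one log record in the HEC JSON envelope; metadata mirrors the SureMDM SIEM settings."""
    return {"event": record, "sourcetype": sourcetype, "source": source, "host": host}


def classify_reply(status, body):
    """Map HEC's HTTP status and JSON body to (ok, human-readable reason)."""
    try:
        reply = json.loads(body)
        code = reply.get("code")
    except (ValueError, AttributeError):
        return False, "HTTP %d with non-JSON body: %.80s" % (status, body)
    if status == 200 and code == 0:
        return True, "Success"
    reason = HEC_CODES.get(code, reply.get("text", "unknown error"))
    return False, "HTTP %d, code %s: %s" % (status, code, reason)


def send_test_event(host_url, token, payload, verify_tls=True):
    """POST one event to HEC; returns (http_status, body). Network call, run only from main()."""
    if not is_valid_token(token):
        raise ValueError("token does not look like a Splunk HEC token")
    req = urllib.request.Request(
        hec_event_url(host_url),
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Splunk " + token.strip(),
                 "Content-Type": "application/json"},
        method="POST",
    )
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab instance with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    # usage: python hec_check.py <Host URL from step 11> <Token Value from step 11>
    host_url, token = sys.argv[1], sys.argv[2]
    # Constructed sample record shaped like a SureMDM device activity log entry (assumption).
    sample = {"account": "acme", "activity": "Device enrolled",
              "device": "tablet-0042", "user": "jdoe"}
    status, body = send_test_event(host_url, token, build_event(sample))
    ok, reason = classify_reply(status, body)
    print("HEC check:", "OK" if ok else "FAILED", "-", reason)
    sys.exit(0 if ok else 1)
```

A successful run returns Splunk's `{"text":"Success","code":0}`, and the constructed record is then findable in Splunk with a search such as `index=main sourcetype=UEMLogs source=42Gears`. An HTTP 403 with code 1 or 4 means the token is disabled or mis-copied and SureMDM will silently fail to deliver logs with the same values.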

Splunk Integration in SureMDM Web Console

To integrate Splunk with SureMDM Web, follow these steps: 

  1. Navigate to SureMDM Web Console > Settings (the icon at the top right of the screen) > Account Settings > SIEM Integration.

  2. Configure the following settings and click Save.

Setting                          Description
Enable SIEM Integration          Turns on the SIEM settings below.
Select Server                    Select Splunk as the SIEM tool from the dropdown menu.
HEC Token                        Enter the Token Value copied in step 11 of Splunk Configuration.
Host URL                         Enter the URL copied in step 11 of Splunk Configuration.
Source Type, Source (optional)   Values SureMDM stamps on every event it sends, so the SureMDM logs can be filtered in Splunk. For example, Source Type: UEMLogs, Source: 42Gears.

42Gears UEM is now integrated with Splunk. The system activity logs and device logs recorded in the SureMDM Web Console are pushed to Splunk in a batch every 24 hours, not in real time, so allow up to a day before expecting the first events to appear.


Access Logs in Splunk

Once the 42Gears UEM account is integrated with Splunk, the log details recorded in the console are forwarded automatically and can be viewed in Splunk.

To access the log details from Splunk, follow these steps:

  1. Log in to Splunk with your credentials.

  2. Go to Instances and click Access Instances.

  3. Select Search & Reporting > Data Summary.

  4. Select the host from the Hosts tab.

All of the SureMDM account's system logs and device logs forwarded so far are displayed; if the Source Type and Source were set in SureMDM, the same events can also be narrowed down by those values in a search.