Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Your Resolution1 CyberSecurity Device to Communicate with JSA


To collect Resolution1 CyberSecurity events, you must configure your third-party device to generate event logs in LEEF format. You must also create an FTP site for Resolution1 CyberSecurity to transfer the LEEF files. JSA can then pull the logs from the FTP server.

  1. Log in to your Resolution1 CyberSecurity device.
  2. Open the ADGIntegrationServiceHost.exe.config file, which is in the C:\Program Files\AccessData\eDiscovery\Integration Services directory.
  3. Change the text in the file to match the following lines:
  4. Restart the Resolution1 Third-Party Integration service.
  5. Create an FTP site for the C:\CIRT\logs output folder:
    1. Open Internet Information Services Manager (IIS).

    2. Right-click the Sites tab and click Add FTP Site.

    3. Name the FTP site, and enter C:\CIRT\logs as the location for the generated LEEF files.

    4. Restart the web service.