Configuring Your Resolution1 CyberSecurity Device to Communicate with JSA
To collect Resolution1 CyberSecurity events, you must configure your third-party device to generate event logs in LEEF format. You must also create an FTP site for Resolution1 CyberSecurity to transfer the LEEF files. JSA can then pull the logs from the FTP server.
- Log in to your Resolution1 CyberSecurity device.
- Open the
ADGIntegrationServiceHost.exe.configfile, which is in the
C:\Program Files\AccessData\eDiscovery\Integration Servicesdirectory.
- Change the text in the file to match the following lines:
<Option Name="Version" Value="2.0" /> <Option Name="Version" Value="2.0" /> <Option Name="OutputFormat" Value="LEEF" /> <Option Name="LogOnly" Value="1" /> <Option Name="OutputPath" Value="C:\CIRT\logs" />
- Restart the Resolution1 Third-Party Integration service.
- Create an FTP site for the
Open Internet Information Services Manager (IIS).
Right-click the Sites tab and click Add FTP Site.
Name the FTP site, and enter
C:\CIRT\logsas the location for the generated LEEF files.
Restart the web service.