Configuring a Log Source
JSA automatically discovers and creates a log source for LEEF formatted syslog events that are forwarded from Active Defense.
The following configuration steps are optional:
- Log in to JSA.
- Click the Admin tab.
- In the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- In the Log Source Name field, type a name for the log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select HBGary Active Defense.
- From the Protocol Configuration list, select Syslog.
- Configure the following values:
Table 1: HBGary Active Defense Syslog Protocol Parameters
Log Source Identifier
Type the IP address or host name for your HBGary Active Defense device.
The IP address or host name identifies your HBGary Active Defense device as a unique event source in JSA.
- Click Save.
- On the Admin tab, click Deploy Changes.
The HBGary Active Defense configuration is complete.