Configuring JSA to Forward Data to Other Systems
You can configure JSA systems to forward data to one or more vendor systems, such as ticketing or alerting systems. You can also forward normalized data to other JSA systems. The target system that receives the data from JSA is known as a forwarding destination.
With exception of domain tagging, JSA systems ensure that all forwarded data is unaltered. Domain information is removed from forwarded data. Events and flows that contain domain information are automatically assigned to the default domain on the receiving system.
To avoid compatibility problems when sending event and flow data, ensure that the deployment receiving the data is the same version or higher than the deployment that is sending the data.
Configure one or more forwarding destinations.
To determine what data you want to forward, configure routing rules, custom rules, or both.
Configure the routing options to apply to the data.
For example, you can configure all data from a specific event collector to forward to a specific ticketing system. You can also bypass correlation by removing the data that matches a routing rule.