Configuring an SSH CryptoAuditor Appliance to Communicate with JSA
To collect SSH CryptoAuditor events, you must configure your third-party appliance to send events to JSA.
- Log in to SSH CryptoAuditor.
- Go to the syslog settings in Settings >External Services >External Syslog Servers.
- To create server settings for JSA, click Add Syslog Server.
- Type the JSA server settings: address (IP address or FQDN) and port in which JSA collects log messages.
- To set the syslog format to Universal LEEF, select the Leef format check box.
- To save the configuration, click Save.
- Configure SSH CryptoAuditor alerts in Settings >Alerts. The SSH CryptoAuditor alert configuration defines which events
are sent to external systems (email or SIEM/syslog).
Select an existing alert group, or create new alert group by clicking Add alert group.
Select the JSA server that you defined earlier in the External Syslog Server drop box.
If you created a new alert group, click Save. Save the group before binding alerts to the group.
Define which alerts are sent to JSA by binding alerts to the alert group. Click [+] next to the alert that you want to collect in JSA, and select the alert group that has JSA as external syslog server. Repeat this step for each alert that you want to collect in JSA.
- Apply the pending configuration changes. The saved configuration changes do not take effect until you apply them from pending state.