Configuring Epic SIEM 2017 to Communicate with JSA

To collect events in JSA, you must configure the messaging queue values on your Epic SIEM 2017 system.

  1. From the command line, select Interconnect Administrator's Menu > Messaging Queues Setup.
  2. Type an asterisk (*) to create the EMPSYNC queue.
  3. Enter the queue values identified in the following table for each of the prompts.
    Table 1: Queue Values for EMPSYNC Prompts

    | Prompt | Value |
    | --- | --- |
    | Queue ID | Type an ID for the queue. |
    | Queue Name | EMPSYNC |
    | Descriptor | EMPSYNC |
    | Run on Node | Press the Enter key. The value is automatically populated. |
    | IC Servers | Press the Enter key, without typing a value. |
    | Edit advanced settings for this queue? | Yes |
    | Does this queue handle synchronous outgoing messages? | Yes |
    | Associate this descriptor with a queue type for outgoing communication? | Yes |
    | Queue Type | EMP |

  4. Type an asterisk (*) to create the EMPASYNC queue.
  5. Enter the queue values identified in the following table for each of the prompts.
    Table 2: Queue Values for EMPASYNC Prompts

    | Prompt | Value |
    | --- | --- |
    | Queue ID | Type an ID for the queue. |
    | Queue Name | EMPASYNC |
    | Descriptor | EMPASYNC |
    | Run on Node | Press the Enter key. The value is automatically populated. |
    | IC Servers | Press the Enter key, without typing a value. |
    | Edit advanced settings for this queue? | Yes |
    | Does this queue handle synchronous outgoing messages? | No |
    | Associate this descriptor with a queue type for outgoing communication? | Yes |
    | Queue Type | EMP |

  6. Deploy a new interconnect instance by using Kuiper.
  7. Access the Interconnect Configuration Editor in Windows by clicking Start > Epic 2017 > Interconnect > your_instance > Configuration Editor.
  8. Select the General Web Service Host role.
  9. In Cache Connections, manually add the queue by the queue type, EMP.
  10. Set the number of threads to 2.

    For more information about thread count recommendations, see your Epic documentation.

    Note: Do not enable any services on the Business Services tab.

  11. Log in to your Epic server.
  12. Click Epic System Definitions (%ZeUSTBL) > Security > Auditing Options > SIEM Syslog Settings.
  13. Select SIEM Syslog Configuration, and then configure the following parameters:

    | Parameter | Value |
    | --- | --- |
    | SIEM Host | Your JSA Event Collector host name or IP address. |
    | SIEM Port | 514 |
    | SIEM Format | LEEF (Log Event Extended Format) |
    | Check Application Layer Response | Disable |

  14. Return to the SIEM Syslog Settings Menu.
  15. If you want to reduce traffic that comes in to your SIEM system, disable the auditing events that your system does not require:
    1. Click SIEM Syslog Configuration Options > Edit Events List.

    2. From the Edit Events List, select T for each event that you want to disable.

    3. Click Q to quit.

  16. Select SIEM Syslog and set it to Enabled.
    Note: The SIEM Syslog Sending daemon is automatically started when the environment is set to runlevel Up or when you enable SIEM Syslog. If you want to stop the daemon, from the SIEM Syslog Settings menu, click SIEM Syslog and set it to Disabled.
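
After SIEM Syslog is enabled, one way to confirm that captured lines match the LEEF format selected in step 13 is to parse them. The following Python sketch is an added example, not code from Juniper or Epic; it assumes the standard LEEF 1.0/2.0 header layout, and the vendor, product, event ID and attribute values in the sample lines are constructed placeholders.

```python
import re

# LEEF header: LEEF:<version>|<vendor>|<product>|<product version>|<event ID>|
LEEF_RE = re.compile(
    r"LEEF:(1\.0|2\.0)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$", re.S)

def parse_leef(line):
    """Return (header, attrs) dicts for one received line; raise ValueError if not LEEF."""
    m = LEEF_RE.search(line)  # search() skips any syslog priority/timestamp prefix
    if not m:
        raise ValueError("no LEEF header found")
    version, vendor, product, prod_ver, event_id, rest = m.groups()
    delim = "\t"  # LEEF 1.0 attributes are tab-separated
    if version == "2.0":
        # LEEF 2.0 can add a header field naming the delimiter: one character,
        # or a hex code such as x5E or 0x5E.
        spec, sep, tail = rest.partition("|")
        hexm = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", spec)
        if sep and hexm:
            delim, rest = chr(int(hexm.group(1), 16)), tail
        elif sep and len(spec) == 1:
            delim, rest = spec, tail
    attrs = {}
    for pair in rest.rstrip("\r\n").split(delim):
        key, eq, value = pair.partition("=")
        if eq and key.strip():
            attrs[key.strip()] = value
    header = {"version": version, "vendor": vendor, "product": product,
              "product_version": prod_ver, "event_id": event_id}
    return header, attrs

# Constructed sample lines; vendor, product, event ID and values are placeholders,
# not taken from Epic output.
SAMPLE_V1 = ("<13>Jan  1 00:00:00 epic-host LEEF:1.0|ExampleVendor|ExampleProduct|"
             "1.0|EXAMPLE_EVENT|usrName=jdoe\tsrc=192.0.2.10\tsev=5")
SAMPLE_V2 = "LEEF:2.0|ExampleVendor|ExampleProduct|1.0|EXAMPLE_EVENT|^|usrName=jdoe^src=192.0.2.10"
SAMPLE_BAD = "<13>Jan  1 00:00:00 epic-host plain text message"

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2, SAMPLE_BAD):
        try:
            print(parse_leef(sample))
        except ValueError as err:
            print("rejected:", err)
```

A line that raises `ValueError` was not sent as LEEF, which points back to the SIEM Format setting in step 13.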