Cicso UCM
Cisco Unified Communications Manager (UCM) is a unified voice and video call control platform, offering enterprise-grade IP telephony, session management, and voice/video call processing services.
This pack includes Cortex XSIAM content.
What this pack contains
Syslog parsing rules for Cisco UCM
XDM modeling rules for authentication, device, CTI, and RTMT alerts
Server side configuration
- Log in to the Cisco Unified CM Administration interface.
- Navigate to System Enterprise > Parameters.
- Click
Remote Syslog Server Namefield, type the IP address your Broker VM and port. - Click the
Syslog Severity For Remote Syslog messageslist and select Informational. - Click Save.
- Click Apply Config.
Collect Events from Cisco UCM
In order to use the collector, use the Broker VM option.
Broker VM
To create or configure the Broker VM, use the information described here.
You can configure the specific vendor and product for this instance.
Navigate to Settings > Configuration > Data Broker > Broker VMs.
Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
Click Add New.
When configuring the Syslog Collector, set the following values (not relevant for CEF and LEEF formats)
Parameter: : Value : ProtocolSet the Syslog Protocol defined on Cisco UCM side (TCP or UDP) PortEnter the Syslog Port that Cortex XSIAM Broker VM should listen on for receiving forwarded events from Cisco UCM VendorEnter ciscoProductEnter ucm
