Skip to main content

Forcepoint Secure Web Gateway

Forcepoint Secure Web Gateway is an advanced web security solution that protects organizations from online threats and enforces web usage policies. It offers web filtering, malware protection, data loss prevention, and secure web access.

Forcepoint Secure Web Gateway

This pack includes Cortex XSIAM content.

Configuration on Server Side

In the Settings > General > SIEM Integration page you can configure Websense software to send log data from the Filtering Service to a supported Security Information and Event Management (SIEM) solution.
Before enabling the SIEM integration, make sure an instance of Websense Multiplexer is installed for each Policy Server in your deployment.

Perform these steps for each Policy Server instance in your deployment:

  1. Select Enable SIEM integration for this Policy Server to turn on the SIEM integration feature.
  2. Provide the IP address of the BrokerVM, as well as the communication Port to use for sending the data.
  3. Specify the Transport protocol (UDP or TCP) to use when sending data to XSIAM.
  4. Select syslog/CEF format to use. This determines the syntax of the string used to pass log data to the integration.
  5. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

When you save your changes, Websense Multiplexer connects to the Filtering Service and takes over the job of distributing log data to both the Log Server and the selected SIEM integration.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Click the Apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following value:
    • Format as "Auto-Detect".

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 12, 2023
Last ReleaseJune 12, 2023

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.