Skip to main content

Kiteworks

The Kiteworks platform unifies, tracks, controls, and secures sensitive content communications.

Kiteworks

This pack includes Cortex XSIAM content.

Configuration on Server Side

This section describes the configuration that needs to be done on the Kiteworks administration console in order to forward Syslog messages from Kiteworks to Cortex XSIAM.

Follow the steps below from your Kiteworks admin console web interface:

  1. Go to the Locations page (https://<your_kiteworks_instance_domain\>/admin/#/locations.
    • If you are using the legacy admin user interface, navigate to SystemLocations.
    • If you are using the new admin user interface, navigate to System SetupLocations.
  2. Select the requested location and navigate to External Services.
  3. Expand the Syslog Settings section.
  4. Add a new syslog server configuration with the following properties -
    • Syslog Server - Enter the IP address of the target Cortex XSIAM Syslog Broker VM.
    • Protocol - Select UDP or TCP. Note: If you wish to use TLS, select TCP.
    • Port - Enter the syslog service port that the target Cortex XSIAM Broker VM would be listening on for receiving forwarded syslog messages from Kiteworks.
    • Use TLS - Select this checkbox if the syslog messages should be transported over TLS.
    • Format - Select JSON Format.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

You will need to use the information described here.

You can configure the specific vendor and product for this instance.


  1. Navigate to SettingsConfigurationData BrokerBroker VMs.

  2. Go to the APPS column under the Brokers tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.

  3. Click Add New.

  4. When configuring the Syslog Collector, set the following parameters:

    Parameter Value
    Protocol Select the relevant protocol in correspondence to the protocol that was defined in the syslog configuration on Kiteworks - UDP, TCP, or Secure TCP if the syslog forwarding on Kiteworks was defined with the Use TLS option.
    Port Enter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving forwarded syslog messages from Kiteworks.
    Vendor Enter Kiteworks.
    Product Enter Kiteworks.

Remarks

The timestamp on the Kiteworks forwarded messages is interpreted in the GMT 0 timezone.

PUBLISHER

Cortex

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedDecember 7, 2023
Last ReleaseJanuary 17, 2024
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.