Documentation Center
AlienVault® USM Appliance™

Tufin Orchestration Suite

When you configure Tufin Orchestration Suite to send log data to USM Appliance, you can use the Tufin Orchestration Suite plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Tufin
Device Type Endpoint Security
Connection Type Syslog
Data Source Name Tufin
Data Source ID 1878

Integrating Tufin Orchestration Suite

Before you configure the Tufin Orchestration Suite integration, you must have the IP Address of the USM Appliance Sensor.

To configure Tufin Orchestration Suite to send Syslog messages to USM Appliance

  1. From the Tufin Orchestration Suite UI, select Settings > Configuration > Notifications.
  2. On the Configure Servers display page, enter the USM Appliance IP or hostname in the Syslog Server field:
  3. On the Policy Change Notifications display page, select Send by syslog (and/or Send by SNMP Traps). These selections affect the "New revision saved" and "New revision installed" events.
  4. On the SecureTrack Administrative Alerts display page, select Send by syslog (and/or Send by SNMP Traps). These selections affect all events except for the "New revision saved" and "New revision installed".
  5. Click Save.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://forum.tufin.com/support/kc/latest/index.htm?toc.htm?4827.htm?zoom_highlight=remote+syslog

For troubleshooting, refer to the vendor documentation:

https://forum.tufin.com/support/kc/latest/index.htm?toc.htm?troubleshooting_securetrack.htm