Set Up EStreamer Collector
Set up the EStreamer Collector to collect event data from your eStreamer server and push the logs to the Exabeam Security Operations Platform.
Before setting up the collector, ensure that you are running Site Collector version 2.0 or later.
To set up the EStreamer Collector:
Ensure that you create a client on your eStreamer server to add authentication.
Log in to the Exabeam Security Operations Platform with your registered credentials.
Navigate to Collectors > Site Collectors.
Ensure that the Site Collector is installed and in the running state.
Note: To configure the EStreamer Collector successfully, do not set up your Site Collector instance on a proxy server.
On the Site Collector page, click the Collectors Library tab, then click EStreamer.
In the Definition section, enter the required information as follows.
Collector Name – Specify a name for the EStreamer collector instance.
Site Collector Instance – Select the site collector instance for which you want to set up the EStreamer Collector.
EStreamer Hostname or IP – Enter the hostname or IP address of the eStreamer server from which you want the EStreamer Collector to pull logs.
Port – Enter the port number of your EStreamer server. The default port is 8302.
Click Next.
In the Authentication section, enter the following information and click Next.
TLS Protocol – Select the TLS protocol TLSv1.2 or TLSv1.3.
Certificate – Click Select File to upload the valid *.pkcs12 certificate that you downloaded from your eStreamer server for the GCP VM on which your Site Collector application is installed.
Enter the password for the certificate and click Next.
In the Data section, enter the following information.
EStreamer Fetch Timestamp – Select the date and time from which you want the collector to fetch logs. By default, the current date and time are selected. To ingest events from the past, select an earlier date; the timestamp can be backdated by up to 30 days.
Exclude Records – Select the record type IDs that you want to exclude. For more information about record types, see Intrusion Event and General Metadata Record Types in the Cisco documentation.
Click Setup.
The EStreamer Collector is set up and is ready to pull logs from your eStreamer server.
Verify that the collector is installed: the collector instance is listed in the Overview section of the user interface.
If the installation fails, the collector is disabled but the configuration is saved. You can check the status of the collector in the user interface or in the support package.
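The setup form above depends on three inputs that are easy to get wrong: the eStreamer server must accept TLS 1.2 or 1.3 on its port (8302 by default), the *.pkcs12 bundle must open with the password you enter, and the fetch timestamp may be backdated by at most 30 days. The following pre-flight script is an added example, not part of Exabeam's or Cisco's documentation or code; it assumes the openssl CLI is on the PATH, and the hostname, bundle path and password in the usage block are constructed placeholders.

```python
"""Pre-flight checks for an EStreamer Collector instance.

Added example (not Exabeam's or Cisco's code). Verifies the three inputs the
setup form depends on: TLS 1.2+ reachability of the eStreamer port, that the
*.pkcs12 client bundle opens with its password, and that the fetch timestamp
is within the 30-day backdating limit.
"""
import datetime as dt
import socket
import ssl
import subprocess

DEFAULT_ESTREAMER_PORT = 8302  # default port named in the setup steps
MAX_BACKDATE_DAYS = 30         # backdating limit for EStreamer Fetch Timestamp


def utc_days_ago(days, now=None):
    """Timezone-aware UTC timestamp `days` days before `now` (default: now)."""
    now = now or dt.datetime.now(dt.timezone.utc)
    return now - dt.timedelta(days=days)


def check_fetch_timestamp(fetch_ts, now=None):
    """Return (ok, detail). The timestamp may not lie in the future and may be
    backdated at most MAX_BACKDATE_DAYS. Both arguments are timezone-aware."""
    now = now or dt.datetime.now(dt.timezone.utc)
    if fetch_ts > now:
        return False, "fetch timestamp is in the future"
    age = now - fetch_ts
    if age > dt.timedelta(days=MAX_BACKDATE_DAYS):
        return False, f"fetch timestamp is {age.days} days old; limit is {MAX_BACKDATE_DAYS} days"
    return True, f"fetch timestamp is {age.days} days old"


def check_tls_reachability(host, port=DEFAULT_ESTREAMER_PORT,
                           min_version=ssl.TLSVersion.TLSv1_2, timeout=5.0):
    """Return (ok, detail) after a TCP connect and a TLS handshake at >= min_version.

    This is only a reachability probe, so peer verification is disabled here;
    the collector itself authenticates with the PKCS#12 client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"{host}:{port} negotiated {tls.version()}"
    except OSError as exc:          # ssl.SSLError is a subclass of OSError
        return False, f"{host}:{port} TLS probe failed: {exc}"


def check_pkcs12_password(path, password):
    """Return (ok, detail): does the *.pkcs12 bundle open with this password?

    Uses the openssl CLI. The password is fed on stdin rather than argv so it
    does not show up in the process list, and -noout writes nothing out."""
    cmd = ["openssl", "pkcs12", "-in", path, "-passin", "stdin", "-noout"]
    try:
        proc = subprocess.run(cmd, input=password + "\n", capture_output=True,
                              text=True, timeout=30, check=False)
    except FileNotFoundError:
        return False, "openssl CLI not found on PATH"
    except subprocess.TimeoutExpired:
        return False, "openssl timed out"
    if proc.returncode != 0:
        err = proc.stderr.strip().splitlines()
        return False, "bundle did not open: " + (err[-1] if err else "unknown error")
    return True, "bundle opened with the supplied password"


def run_prechecks(host, port, pkcs12_path, pkcs12_password, fetch_ts):
    """Run every check; returns a dict of check name -> (ok, detail)."""
    return {
        "tls_reachability": check_tls_reachability(host, port),
        "pkcs12_password": check_pkcs12_password(pkcs12_path, pkcs12_password),
        "fetch_timestamp": check_fetch_timestamp(fetch_ts),
    }


if __name__ == "__main__":
    # Constructed placeholder values; replace with your eStreamer server, the
    # client bundle downloaded from the FMC, and the password you set on it.
    results = run_prechecks("estreamer.example.internal", DEFAULT_ESTREAMER_PORT,
                            "client.pkcs12", "changeit", utc_days_ago(7))
    for name, (ok, detail) in results.items():
        print(f"[{'PASS' if ok else 'FAIL'}] {name}: {detail}")
```

Run it from the host where the Site Collector instance lives, since that is the host whose IP you register as the eStreamer client and whose network path to port 8302 matters. A TLS probe that fails while the port is open usually points at the proxy restriction noted above or at a server limited to a protocol version other than the one selected in the Authentication section.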
Create a Client on your eStreamer Server
For the eStreamer server to send events, add a client to the eStreamer server’s database. Download the certificate generated by the eStreamer server for this client, and upload this certificate while creating the collector instance to enable communication between the collector and eStreamer.
To create a client to add authentication:
On the EStreamer Firewall Management Server (FMC), navigate to Integration > eStreamer.
Click Create Client.
On the Create Client page, in the Hostname field, enter the external IP address of the host that runs your Site Collector instance. To protect the certificate file, enter a password.
Click Save.
To download the certificate from the FMC Server, click the download icon.
For more information, see Adding Authentication for eStreamer Clients in the Cisco documentation.
Use the downloaded certificate while configuring the EStreamer Collector.