This article helps you to connect your Forcepoint via SIEM to the Expel Workbench. The procedure is to port in logs by creating a new Syslog source, configuring that source in Workbench, then configure your Forcepoint via SIEM device in Workbench.

Note
Some steps in this procedure vary greatly depending upon the SIEM-based technology you use.

In this article

Step 1: Logging Forcepoint to a desired SIEM

Refer to your SIEM documentation or work with your SIEM representative to port in Forcepoint Web Filter logs. You can also refer to the following web references for creating a new Syslog source:

Step 2: Configure the SIEM in Workbench

This link opens the Expel Knowledge Base section for connecting SIEM-based technology to Workbench. Follow the applicable article to configure your SIEM-based tech and confirm that Forcepoint logs are flowing through and available.

Step 3: Configure Forcepoint in Workbench

  1. In a new browser tab, go to https://workbench.expel.io/settings/security-devices?setupIntegration=forcepoint_siem.Add Forcepoint via SIEM security device

  2. Fill in the device fields like this:

    • For SIEM, select the SIEM that was onboarded in Step 2.

    • For Name, type the host name of the Forcepoint device.

    • For Location, type the geographic location of the device.

  3. Click Save.