Forcepoint Security Service Edge
Forcepoint Security Service Edge - Access Logs
Forcepoint Security Service Edge - Admin Logs
Forcepoint Security Service Edge - Cloud Logs
Forcepoint Security Service Edge - Health Logs
Forcepoint Security Service Edge - Overview
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Overview
Forcepoint Security Service Edge simplifies security at the edge by delivering safe access and data protection. Security Service Edge (SSE) eliminates gaps in coverage by unifying policy configuration, enforcement and reporting under a single platform.
This integration ingests the following logs:
- Cloud Logs (CloudSummary, CloudAudit): Logs related to the current status of files in cloud applications and scan results for each file in the account.
- Access Logs: Logs related to various application activities.
- Admin Logs: Admin events performed within the admin portal.
- Health Logs (HealthProxy, HealthApi, HealthSystem): Logs related to system, API, and proxy health.
Forcepoint Security Service Edge integration gathers these logs and forwards them to Datadog for seamless analysis. Datadog leverages its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. With preconfigured out-of-the-box dashboards, the integration offers clear visibility into activities within the Forcepoint Security Service Edge platform. Additionally, it includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
Setup
Generate OAuth Token in Forcepoint Security Service Edge:
Login to the Forcepoint ONE Security Service Edge Platform.
Navigate to SETTINGS > API Interface > OAuth.
On the open REST API OAuth Configuration page, add and configure different levels of API permissions.
Click the green plus icons to add a new configuration.
On the Edit Application dialog, fill out the information as follows:
a. Name: Name for the new application configuration
b. Permissions: Select Access your Forcepoint logs (logs api) option.
c. Permitted User Group: Default is All. Select based on your requirements.
d. Click Ok to save the changes. You should see your application added to the list, but listed as Pending under status.
Select the name of your application in the Application column to go into the Edit Application.
a. On the Edit Application dialog, click the Token Authorization URL to authorize your current permission and get the access token.
b. On the Requested Access page send this URL to each permitted user and have them Approve their access. The Requested Access page allows you to Approve or Deny the application permission settings.
After the user approves, they are given an Access Token that is unique to that user. The user must keep this access token, it is required to configure integrations in Datadog. The token is valid forever and must be included in each request for authorization.
Once access has been approved, you will notice that Status is changed to Authorized.
For more information, see the Setting up an OAuth token documentation.
Connect your Forcepoint Security Service Edge Account to Datadog
Add your Access Token.
| Parameters | Description |
|---|
| Access Token | Access token from Forcepoint Security Service Edge |
Click Save.
Data Collected
Logs
The Forcepoint Security Service Edge integration collects and forwards Cloud logs (CloudSummary, CloudAudit), Access logs, Admin logs and Health logs (HealthProxy, HealthApi, HealthSystem) to Datadog.
Metrics
The Forcepoint Security Service Edge integration does not include any metrics.
Events
The Forcepoint Security Service Edge integration does not include any events.
Support
For any further assistance, contact Datadog support.
