How to Integrate Forcepoint ONE

Forcepoint ONE (Data Security Cloud) can forward logs to your SIEM using a syslog profile. This article walks you through setting it up from start to finish.

Written by Kara Crimson

The Forcepoint ONE integration is available on our Advanced and Enterprise packages.

Before you get started

Make sure you have:

  • Admin access to Forcepoint Data Security Cloud.

  • Your SIEM collector's IP address or hostname.

  • A firewall rule allowing outbound UDP from Forcepoint ONE to your collector.

Configuring Forcepoint ONE

Setting up a SIEM profile

  1. Sign in to Forcepoint Data Security Cloud.

  2. Click the ⚙️ Settings icon in the top-right corner.

  3. Go to Integration > SIEM.

  4. Click + Add New Profile.

  5. Enter a Name for the profile - this is required; you won't be able to save without it. Enter something descriptive, such as Defense.com SIEM.

  6. Optionally add a short Description.

Server Connection and Log Details

  1. The Export Destination should be set to Syslog.

  2. In Syslog Server, enter the hostname or IP address of your SIEM collector.

  3. Next, enter 5514 as the Server Port.

  4. Select UDP as the Transport Protocol.

  5. Click Check Connection to confirm Forcepoint ONE can reach your collector.

  6. Log Format is set to JSON - this is the only available format.

  7. Select the Event types you want to forward to your SIEM. You can choose one or more.

Once you have completed the configuration steps, please let us know via the ticket so we can confirm that Forcepoint ONE is logging.
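UDP gives the sender no delivery acknowledgement, so it is worth checking on the receiving side that JSON events actually arrive on port 5514. The sketch below is an added example, not Forcepoint or Defense.com code: it assumes each datagram carries one JSON object, optionally behind a syslog header, and that listen() is run on a test host standing in for the collector. The sample datagrams and their field names are constructed.

```python
import json
import socket

PORT = 5514  # Server Port entered in the SIEM profile

def extract_json(datagram):
    """Return the JSON object carried in one syslog datagram, or None.
    Assumption: one JSON object per datagram, optionally preceded by a
    syslog header such as "<134>..."; the exact header is not given here."""
    text = datagram.decode("utf-8", errors="replace")
    start = text.find("{")
    if start == -1:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(text[start:])
    except json.JSONDecodeError:
        return None  # truncated or malformed event
    return obj if isinstance(obj, dict) else None

def summarize(datagrams):
    """Count parsed and unparsed datagrams and list the top-level keys seen."""
    events = [extract_json(d) for d in datagrams]
    good = [e for e in events if e is not None]
    keys = sorted({k for e in good for k in e})
    return {"parsed": len(good), "unparsed": len(events) - len(good), "keys": keys}

def listen(host="0.0.0.0", port=PORT, count=10, timeout=60.0):
    """Collect up to `count` datagrams on UDP `port`, then summarize them."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        sock.settimeout(timeout)
        try:
            while len(received) < count:
                data, _sender = sock.recvfrom(65535)
                received.append(data)
        except socket.timeout:
            pass  # report whatever arrived before the timeout
    return summarize(received)

# Constructed sample datagrams, not real Forcepoint ONE output.
SAMPLES = [
    b'<134>Jan  1 00:00:00 host app: {"event_type": "example", "user": "a@example.com"}',
    b'{"event_type": "example2"}',
    b'<134>Jan  1 00:00:00 host app: {"event_type": "exa',
]

if __name__ == "__main__":
    print(summarize(SAMPLES))  # offline check; call listen() for live traffic
```

A non-zero "unparsed" count from listen() points to truncated or non-JSON datagrams, and a zero "parsed" count after the timeout means nothing reached the port.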

And that's it! You've successfully integrated Forcepoint ONE 🎉