SIEM Integration Steps for On-Premises Deployment of GYTPOL

Integrating GYTPOL with a Security Information and Event Management (SIEM) system is a crucial step to enhance the overall security infrastructure.

This integration facilitates the seamless flow of information between the GYTPOL Server and the designated SIEM server, enabling a more comprehensive and centralized approach to monitoring and analyzing security events.

To ensure a successful integration, a series of steps must be followed meticulously. From opening the required TCP port to configuring specific parameters in the siem.json file, each step plays a vital role in establishing a robust connection.

This guide outlines the essential steps in the correct order, emphasizing the importance of adherence to ensure a smooth integration process. Following these steps will not only enhance the capabilities of GYTPOL but also contribute to a more efficient and responsive security ecosystem.

 

  1. Ensure that the TCP port is open from the GYTPOL Server to the SIEM server.

  2. Go to C:\gytpol\data\Analyzer\Config\siem.json and open it using Notepad++.

  3. Modify the highlighted fields:

     {
       "host": "siemServer.yourdomain.com",
       "port": 514,
       "protocol": "TCP",
       "timeout": 60,
       "chunkSize": 100,
       "gytpolServer": "gytpolServer.yourdomain.com",
       "isSiemIntegrationEnabled": "true"
     }

  4. Restart the GYTPOL Data Repository and GYTPOL Analyzer services.
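
The procedure above can be checked before the restart with a short pre-flight script run on the GYTPOL Server. This PowerShell is an added example, not GYTPOL's own tooling: the file path and field names come from this guide, while the validation rules, the 5-second connect timeout and the use of the two service names as Windows display names are assumptions.

```powershell
# Added example: pre-flight check for siem.json, then restart of the two services.
# Assumptions: validation rules, connect timeout, and that the names below are display names.
$ConfigPath   = 'C:\gytpol\data\Analyzer\Config\siem.json'
$ServiceNames = 'GYTPOL Data Repository', 'GYTPOL Analyzer'

function Test-SiemConfig {
    param([Parameter(Mandatory)] $Config)
    $problems = @()
    $required = 'host', 'port', 'protocol', 'timeout', 'chunkSize', 'gytpolServer', 'isSiemIntegrationEnabled'
    foreach ($name in $required) {
        if ("$($Config.$name)" -eq '') { $problems += "missing or empty field: $name" }
    }
    $port = 0
    if (-not [int]::TryParse("$($Config.port)", [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
        $problems += "port must be 1-65535, got '$($Config.port)'"
    }
    foreach ($name in 'host', 'gytpolServer') {
        # The guide's sample values end in yourdomain.com; they must be replaced.
        if ("$($Config.$name)" -like '*.yourdomain.com') { $problems += "$name still holds the sample value" }
    }
    if ("$($Config.isSiemIntegrationEnabled)" -ne 'true') { $problems += 'isSiemIntegrationEnabled is not "true"' }
    return ,$problems
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connection is refused.
        return ($client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected)
    } catch { return $false }
    finally { $client.Close() }
}

# ConvertFrom-Json throws on malformed JSON, so a broken edit stops the script here.
$config   = Get-Content -Raw -Path $ConfigPath -ErrorAction Stop | ConvertFrom-Json
$problems = @(Test-SiemConfig -Config $config)
if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; return }

if ("$($config.protocol)" -eq 'TCP' -and -not (Test-TcpPort -ComputerName $config.host -Port $config.port)) {
    Write-Warning "Cannot reach $($config.host):$($config.port) over TCP; check the firewall rule from step 1."
    return
}
Get-Service -DisplayName $ServiceNames -ErrorAction Stop | Restart-Service
```

The script restarts the services only when the file parses, every field is populated, and the SIEM port accepts a connection from this host.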