Intelligence Center: Connecting to a SIEM

Like the Atakama Log Server, the Atakama Intelligence Center can be connected to a SIEM so that the SIEM collects the analytics gathered from endpoints running Atakama.

Here are the steps to connect the Intelligence Center to a SIEM:

  1. The Intelligence Center should already be running on a server. Intelligence Center installation instructions can be found here.
  2. Download the atakama_srv_config.yml file (attached below) and place it in the %localappdata%\Atakama folder on the server running the Intelligence Center.
  3. Open the atakama_srv_config.yml file in Notepad and locate the words "output_rfc3164_syslog_url". Replace the word "null" after the colon with the URL of the syslog server running the SIEM. 
  4. Save the file, then use Task Manager to stop the Intelligence Center (it will show up as Atakama Enterprise Dashboard under the Processes tab or atakama-srv.exe under the Details tab), and relaunch the Intelligence Center.
  5. On relaunch, you should see the URL of the syslog server shown in the Terminal Window, indicating the Intelligence Center is now sending information to the specified URL.
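
Step 3 can also be scripted so that only the one line changes and a malformed value is rejected before the service is restarted. The following is an added example, not Atakama's own tooling: the sample config text, the `placeholder_setting` key and the URL `udp://siem.example.internal:514` are constructed placeholders, and the URL scheme the Intelligence Center expects is an assumption.

```python
import re
from urllib.parse import urlsplit

KEY = "output_rfc3164_syslog_url"  # key name taken from the article
# Matches the key's line, capturing the current value and any trailing comment.
LINE_RE = re.compile(rf"^(\s*{KEY}\s*:)[ \t]*([^#\r\n]*?)[ \t]*(#.*)?$")

# Constructed sample; only the output_rfc3164_syslog_url key comes from the article.
SAMPLE = (
    "# constructed sample config\r\n"
    "placeholder_setting: 1\r\n"
    "output_rfc3164_syslog_url: null  # set to the SIEM syslog URL\r\n"
)

def validate_url(url):
    """Require scheme and host; reject characters unsafe in an unquoted YAML value."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not an absolute URL: {url!r}")
    if any(c.isspace() for c in url) or "#" in url:
        raise ValueError("URL must not contain whitespace or '#'")
    return url

def set_syslog_url(config_text, url):
    """Return (new_text, previous_value); every other line is left untouched."""
    validate_url(url)
    lines = config_text.splitlines(keepends=True)
    hits = [i for i, l in enumerate(lines) if LINE_RE.match(l.rstrip("\r\n"))]
    if len(hits) != 1:
        raise KeyError(f"expected exactly one {KEY} line, found {len(hits)}")
    i = hits[0]
    body = lines[i].rstrip("\r\n")
    eol = lines[i][len(body):]          # keep the file's own line ending
    m = LINE_RE.match(body)
    comment = f"  {m.group(3)}" if m.group(3) else ""
    lines[i] = f"{m.group(1)} {url}{comment}{eol}"
    return "".join(lines), m.group(2)

if __name__ == "__main__":
    # Placeholder URL; substitute the syslog endpoint of your SIEM.
    new_text, old = set_syslog_url(SAMPLE, "udp://siem.example.internal:514")
    print(f"previous value: {old!r}")
    print(new_text)
```

To apply it on the server, read and write `%localappdata%\Atakama\atakama_srv_config.yml` with `newline=""` so the line endings are preserved, then restart the Intelligence Center as in step 4.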
