Similar to the Atakama Log Server, the Atakama Intelligence Center can be connected to a SIEM so that the SIEM collects the analytics gathered from endpoints running Atakama.
Here are the steps to connect the Atakama Log Server to a SIEM:
- The Intelligence Center should already be running on a server. Intelligence Center installation instructions can be found here.
- Download the atakama_srv_config.yml file (attached below) and place it in the %localappdata%\Atakama folder on the server running the Intelligence Center.
- Open the atakama_srv_config.yml file in Notepad and locate the words "output_rfc3164_syslog_url". Replace the word "null" after the colon with the URL of the syslog server running the SIEM.
- Save the file, then use Task Manager to stop the Intelligence Center (it will show up as Atakama Enterprise Dashboard under the Processes tab or atakama-srv.exe under the Details tab) and re-launch the Intelligence Center.
- On relaunch, you should see the URL of the syslog server shown in the Terminal Window, indicating the Intelligence Center is now sending information to the specified URL.
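
To confirm on the receiving side that what arrives is well-formed RFC 3164 before pointing the Intelligence Center at the production SIEM, a throwaway listener can parse each datagram's header. This is an added example, not Atakama's code. It assumes UDP transport and port 5514 (the page does not state the URL scheme or transport), and the sample lines, host name and tag are constructed.

```python
import re
import socket

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]{1,32})(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagrams (not real Intelligence Center output).
SAMPLES = [
    b"<134>Mar  4 09:15:02 ic-server01 atakama-srv[4120]: sample event text",
    b"<999>Mar  4 09:15:02 ic-server01 atakama-srv: priority out of range",
    b"plain text without a syslog header",
]


def parse_rfc3164(datagram: bytes):
    """Return the decoded header fields, or None if the datagram is not RFC 3164."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = RFC3164.match(text)
    if m is None or int(m["pri"]) > 191:  # PRI = facility*8 + severity <= 23*8+7
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields.update(facility=pri // 8, severity=SEVERITIES[pri % 8])
    return fields


def listen(bind_addr="0.0.0.0", port=5514, count=5):
    """Receive `count` UDP datagrams; return (sender_ip, parsed_or_None) pairs."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))  # assumed test port, not an Atakama default
        for _ in range(count):
            data, peer = sock.recvfrom(8192)
            results.append((peer[0], parse_rfc3164(data)))
    return results


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_rfc3164(sample))
```

A `None` entry from `listen()` means the sender reached the port but the payload did not carry an RFC 3164 header, which is worth resolving before the SIEM's own parser silently drops or mislabels the events.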