Snare Central sending logs to Exabeam

Owned by Steve Challans
Mar 10, 2021
1 min read

To send logs to Exabeam using the reflector you can use the standard TCP/UDP 514 ports or send using TLS over port 515. To send logs over TLS on port 515 you will need to add in an additional rule to the Snare Central firewall to allow TCP port 515 to flow out of the server. By default all traffic flow has ingress and egress firewall filtering in place.

To do this go to the System\Administrative tools menu and select the Configuration Wizard

  • Navigate to the Firewall Setup option to expand the settings.

  • Select the New Rule button as shown in the image

  • Then select the Add button to save the rule.

  • The rule is now saved and the reflector will be able to connect to Exabeam over TLS port 515.

  • You can check the status in the reflector and it should show as being in a connected state. You can monitor the graph for a while or view the monitor live data screen in the status menu to see the log types that are being forwarded to Exabeam.