Ernest B Posted March 23, 2020

Hi, we have Immunet running on a few Windows machines and would like to ingest Immunet's event log into a SIEM. I am not able to find any configuration options nor anything in the documentation suggesting that it is possible for Immunet to send out events to a remote syslog server or a SIEM.

For example, ClamAV on RHEL produces rich event logs of its activities, like updates on the definitions, scan results, etc. This is the kind of information we are interested in.

What are the available options with Immunet and how to set it up, if possible?
ritchie58 Posted March 23, 2020

Hello Ernest B,

To my knowledge, Immunet can't be integrated into a System Information and Event Management configuration as a remote protocol. Immunet would also be incompatible with Red Hat Enterprise Linux since Linux is an operating system that is not supported. Immunet only supports Microsoft Windows platforms.

Additionally, Immunet's history.db files are inaccessible by third-party software. This is a built-in security feature to help keep the files from being corrupted by outside sources.

There is an enterprise version of Immunet called AMP for Endpoints that might better suit your needs! It's "much more customizable" than Immunet. AMP (Advanced Malware Protection) is not free like Immunet, but it is reasonably priced and easily deployed to multiple endpoints. Here's a URL link if you'd like to check it out for yourself.

https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html

Regards, Ritchie...
Ernest B Posted March 24, 2020

That answers my questions. Thanks!