
Triumfant CEF Certified Configuration Guide

  • Writer: Pavan Raja
  • Apr 9

Summary:

The "Common Event Format Configuration Guide" for Triumfant, Inc.'s Resolution Manager outlines steps for configuring the syslog event collection feature on Windows platforms with a device version of 4.3.3109.1+. It explains how the platform analyzes and resolves issues on endpoint computers, ensuring compliance and security. Key configuration steps involve setting the destination IP address and port (typically 514) in the Admin Console, adding SysLog responses to specific filters, and mapping Triumfant-specific event definitions to ArcSight data fields as per the provided table ("Triumfant Events.xls"). This guide aims to ensure accurate syslog event capture according to user specifications while maintaining compatibility with systems like ArcSight.

Details:

The "Common Event Format Configuration Guide" for Triumfant, Inc.'s Resolution Manager outlines the steps to configure the syslog event collection feature. It specifies that this connector is supported on Windows platforms with a device version of 4.3.3109.1+. The guide provides an overview of how the Triumfant platform works in analyzing and remediating issues on endpoint computers, ensuring compliance and security. Key configuration steps include:

1. Navigate to "Administration -> Manage SysLog Preferences" in the Triumfant Resolution Manager's Admin Console to set the destination IP address and port for syslog events (typically using port 514). There is also an option to globally enable or disable syslog events.
2. For specific filter hits that need to be reported as syslog, add a SysLog response by selecting "Administration -> Manage Filters," finding the appropriate filter, clicking "Edit Responses" and choosing SysLog in available responses.
3. Map Triumfant-specific event definitions to ArcSight data fields, which is crucial for interoperability; refer to the provided table ("Triumfant Events.xls") for a list of events and their Event Ids, as well as detailed field mappings between vendor-specific events and ArcSight's SmartConnector data fields.

This guide aims to facilitate the configuration process, ensuring that syslog events are captured accurately according to user specifications while maintaining interoperability with other systems like ArcSight.
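Once the steps above are done, the receiving side can confirm that what arrives is well-formed CEF before relying on the feed. The following is an added example, not code from the guide or from Triumfant: it parses a syslog line carrying a CEF record (including escaped pipes and equals signs) and flags a device version below the 4.3.3109.1 minimum. The function names, the sample line, its header strings, event ID and extension keys are assumptions, since the mapping table is not reproduced in this post.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
MIN_DEVICE_VERSION = (4, 3, 3109, 1)       # minimum supported version per the guide
SEVERITIES = {str(n) for n in range(11)} | {"Unknown", "Low", "Medium", "High", "Very-High"}
_FIELD = r"((?:\\.|[^|\\])*)"              # one header field; "\|" and "\\" are escapes
_CEF = re.compile(r"CEF:" + r"\|".join([_FIELD] * 7) + r"(?:\|(.*))?$", re.S)
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")   # start of each key=value pair

# Constructed sample line: header values, event ID and extension keys are placeholders.
SAMPLE = ("<134>Apr  9 10:15:02 rm-server CEF:0|Triumfant|Resolution Manager|4.3.3109.1|"
          "EXAMPLE-ID|Filter hit \\| example|5|dhost=WKSTN-01 msg=rule a\\=b matched")

def _unescape(value):
    # A backslash escapes the next character; \n and \r stand for line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Parse one syslog line carrying a CEF record into a dict."""
    m = _CEF.search(line)
    if not m:
        raise ValueError("not a CEF record with 7 header fields")
    event = {k: _unescape(v) for k, v in zip(HEADER, m.groups())}
    ext = m.group(8) or ""
    keys = list(_EXT_KEY.finditer(ext))
    # Each value runs from its "=" to the whitespace before the next key.
    event["extension"] = {
        k.group(1): _unescape(ext[k.end():(nxt.start() if nxt else len(ext))].strip())
        for k, nxt in zip(keys, keys[1:] + [None])}
    return event

def check_event(event):
    """Return problems worth investigating before trusting the feed."""
    problems = []
    try:
        version = tuple(int(p) for p in event["device_version"].split("."))
    except ValueError:
        version = ()                       # unparsable version is treated as too old
    if version < MIN_DEVICE_VERSION:
        problems.append("device version below 4.3.3109.1")
    if event["severity"] not in SEVERITIES:
        problems.append("severity outside CEF range")
    return problems

if __name__ == "__main__":
    parsed = parse_cef(SAMPLE)
    print(parsed, check_event(parsed))
```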

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
