CurrentWare and SIEM Integration

CurrentWare and SIEM Integration

Alert
This feature is part of an add-on package. Contact sales or your success rep to get more information

CurrentWare now integrates with Security Information and Event Management (SIEM) platforms, allowing you to centralize your security data. This new feature enables CurrentWare to send event and vulnerability data to your SIEM, giving you a clear, comprehensive view of your security posture alongside data from your other systems.

By integrating CurrentWare with your SIEM solution, you can:

  1. Centralized monitoring: Consolidate all your security events in one place.
  2. Improve threat detection: Use your SIEM’s advanced analytics, machine learning, and AI to quickly detect threats and respond to security events.
  3. Simplify compliance: Easily meet regulatory and audit requirements by having all your security data available for reporting.
  4. Enhance visibility: Gain a unified view of user activities and security events across your network, all within your existing security workflow.

How it works

The SIEM integration is available in the CurrentWare Console under Settings > Integrations.

You can set up new integrations to send event data from CurrentWare to your SIEM. You have full control over the data you send, with options to:

  1. Choose a message format: Select between two standardized formats for event data:
    1. CEF (Common Event Format): A lightweight, standardized format for security events. Best for legacy SIEMs or basic event logging.
    2. JSON (JavaScript Object Notation): A flexible, structured format that is ideal for modern SIEMs that need detailed event information.
  2. Select specific events: Choose which events you want to send from AccessPatrol, BrowseControl, BrowseReporter, and the Audit Log. This allows you to tailor the integration to your specific security needs.
  3. Customize field names: Adjust the default field names to match your SIEM's existing rules and data schemas, ensuring seamless data flow.


Reliable and secure data transmission

CurrentWare is designed to ensure your event data is sent securely and reliably to your SIEM. If your network connection is lost or your SIEM is temporarily unavailable, CurrentWare will store the event data in its database. The system will then automatically retry sending all pending messages once the connection is restored, preventing any data loss.

Setting up your SIEM to receive CurrentWare data

Once you set up the integration in the CurrentWare Console, you will need to configure your SIEM to ingest the incoming event messages. Due to CurrentWare using standard formats like CEF, most SIEM vendors provide documentation on how to set up the data ingestion. Contact your SIEM vendor support for the latest instructions and information on how to configure your system to receive event messages from CurrentWare.


    • Related Articles

    • Importing Users from Active Directory (AD Sync) with CurrentWare

      With just a few simple steps, you can effortlessly import user profiles and organizational structures directly from your AD server. This integration ensures that your CurrentWare Server remains in sync with your existing user database, reducing ...

    • Uninstall CurrentWare

      Uninstalling the CurrentWare Client From the CurrentWare Web Console, open any CurrentWare solution. Choose a connected computer by selecting a checkbox From the Menu bar select Client Service > Uninstall. Be sure to uncheck the "Reboot the client ...

    • CurrentWare Overview

      CurrentWare provides a robust suite of compliant employee monitoring solutions for endpoint security, insider threat detection, administrative management, and web filtering. Solutions Web Filtering Solution BrowseControl is an easy-to-use Internet ...

    • Redirect CurrentWare Clients to another CurrentWare Server

      For the redirect feature to work, the PCs must be turned on. PCs that are not online will not retroactively update when turned on at a later time. #1 – Redirect Clients From One Server to Another (Push) This option is mainly for moving existing ...

    • CurrentWare Security & Assurance Practices

      CurrentWare is committed to the security of its platform, its customers, and their data. Here’s an overview of the security measures we take to keep the CurrentWare Suite safe. Authentication Security Password Protected: The admin console cannot be ...