SIEM connector actions

Each Security Information and Event Management (SIEM) connection has the following set of available actions:

note

Child workspace clients are not able to perform actions on a connector.

Edit

The Edit action allows you to edit an existing SIEM connection. When selected, the Edit connector dialog is displayed:

Edit an existing connector

You can perform the following from the Edit connector dialog:

  • Edit the Name, Listener URL, and Authorization token value.
  • Add additional HTTP/HTTPS headers to the connection by selecting + Header.
    note

    This option is only applicable to connectors using the generic format.

  • Enable/disable the Apply to all customers option to apply the connector for all child workspaces linked to the channel workspace.

Select SAVE to save your changes.

Delete

The Delete action deletes the selected connector. The Delete connector? confirmation dialog is displayed:

Delete an existing connector

Select YES, DELETE to delete the connector.

The connector is deleted from the channel workspace and all linked child workspaces.

Sync

When a SIEM connection is disconnected, Coro waits two hours before attempting to reconnect. During this time, no events are collected and sent to the SIEM provider from Coro. To reconnect manually, select the Sync action.

note

When any action is performed on a connector, an entry is created in the Activity Log.

To access SIEM connector actions:

  1. Select the three-dot menu to the right of the connection name:

    Access connector actions

    A list of available connection actions is displayed:

    Connector actions

  2. Select the desired action.