Varonis DatAlert

Connect Varonis DatAlert to Radiant Security to forward alerts for AI triage.

Varonis DatAlert is a data security platform that detects insider threats, ransomware, and unauthorized access to file shares, email systems, and other data stores. Connecting Varonis DatAlert forwards alerts to Radiant Security over syslog.

Varonis DatAlert can forward alerts to Radiant Security in two ways:

  • Through the Radiant Agent (recommended). Forward to a Radiant Agent deployed in your environment.

  • Direct to Radiant Security. Forward over TLS to the Radiant syslog cluster. Use only when a Radiant Agent is not available.

Prerequisites

Add the data connector in Radiant Security

Configure Varonis DatAlert to forward syslog through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Varonis data. If you do not know the port, contact your Customer Success representative.

  1. Sign in to Varonis.

  2. In DatAdvantage, select Tools > DatAlert.

  3. In the menu, click Configuration.

  4. In Syslog Message Forwarding, enter the following:

    • Syslog Server: the IP address of the Radiant Agent.

    • Port: the port configured on the Radiant Agent to receive Varonis data.

    • Facility Name: 1 - user-level messages

  5. Click OK.

  6. In the menu, click Alert Templates.

  7. Select Varonis LEEF Template, then click Edit Alert Template.

  8. Under Apply to alert methods, select Syslog message.

  9. Click OK.

Configure Varonis DatAlert to forward syslog directly to Radiant Security

Use this path only when a Radiant Agent is not available.

  1. Sign in to Varonis.

  2. In DatAdvantage, select Tools > DatAlert.

  3. In the menu, click Configuration.

  4. In Syslog Message Forwarding, enter the following:

    • Syslog Server: cluster.syslog.radiantsecurity.ai

    • Port: 6514

    • Facility Name: 1 - user-level messages

  5. Click OK.

  6. In the menu, click Alert Templates.

  7. Select Varonis LEEF Template, then click Edit Alert Template.

  8. Under Apply to alert methods, select Syslog message.

  9. Click OK.

Apply syslog forwarding to DatAlert rules

  1. In Varonis, open the DatAlert rules table.

  2. Select the rules to forward, then click Edit Rule.

  3. On the left menu, select Alerts Method.

  4. Click the Edit icon, then select the Syslog message checkbox.

  5. Click OK.

Verify ingestion

After Varonis begins forwarding, confirm alerts are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"varonis_datalert".

  3. Confirm recent alerts appear.

Allow several minutes for alerts to be parsed, indexed, and available for search.
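
If no alerts appear, check whether the forwarded lines carry the facility and template selected in the steps above. The following is an added example, not Varonis or Radiant Security code: it inspects one captured syslog line for facility 1 and a LEEF header. The sample lines, their field names and the check_line helper are constructed for illustration, and it assumes you can capture a forwarded line on the path to the Radiant Agent.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")
LEEF_RE = re.compile(r"LEEF:([12]\.0)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$", re.S)
DELIM_RE = re.compile(r"^(?:(.)|0?x([0-9A-Fa-f]{2,4}))\|", re.S)
EXPECTED_FACILITY = 1  # "1 - user-level messages", as set in Syslog Message Forwarding


def check_line(line):
    """Return (problems, info) for one captured syslog line."""
    problems, info = [], {}
    pri = PRI_RE.match(line)
    if pri is None or int(pri.group(1)) > 191:
        problems.append("missing or invalid syslog PRI")
    else:
        # PRI = facility * 8 + severity
        info["facility"], info["severity"] = divmod(int(pri.group(1)), 8)
        if info["facility"] != EXPECTED_FACILITY:
            problems.append(f"facility {info['facility']}, expected {EXPECTED_FACILITY}")
    leef = LEEF_RE.search(line)
    if leef is None:
        problems.append("no LEEF header; is the LEEF template applied to Syslog message?")
        return problems, info
    version, vendor, product, _pver, event_id, rest = leef.groups()
    delim = "\t"  # LEEF default attribute separator
    if version == "2.0":
        d = DELIM_RE.match(rest)
        if d:  # optional delimiter field: literal character or hex code
            delim = d.group(1) or chr(int(d.group(2), 16))
            rest = rest[d.end():]
    attrs = dict(p.split("=", 1) for p in rest.rstrip("\r\n").split(delim) if "=" in p)
    info.update(version=version, vendor=vendor, product=product, event_id=event_id, attrs=attrs)
    if not attrs:
        problems.append("LEEF header present but no key=value attributes")
    return problems, info


# Constructed sample lines (not real Varonis output; field names are illustrative).
GOOD = "<13>Jan 10 12:00:00 dsp01 LEEF:1.0|Varonis|DatAlert|1.0|4001|cat=Alert\tusrName=CORP\\jdoe\tsev=5"
WRONG_FACILITY = GOOD.replace("<13>", "<133>", 1)  # facility 16 (local0) instead of 1 (user)
NOT_LEEF = "<13>Jan 10 12:00:00 dsp01 Varonis alert: abnormal access by CORP\\jdoe"

if __name__ == "__main__":
    for sample in (GOOD, WRONG_FACILITY, NOT_LEEF):
        print(check_line(sample)[0] or "ok")
```

An empty problem list means the line matches the facility and template configured above; a facility mismatch points at Syslog Message Forwarding, and a missing LEEF header points at the alert template or the rule's alert method.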
