# Varonis DatAlert

Varonis DatAlert is a data security platform that detects insider threats, ransomware, and unauthorized access to file shares, email systems, and other data stores. Connecting Varonis DatAlert forwards alerts to Radiant Security over syslog.&#x20;

Varonis DatAlert can forward alerts to Radiant Security in two ways:

* **Through the Radiant Agent (recommended).** Forward to a Radiant Agent deployed in your environment.
* **Direct to Radiant Security.** Forward over TLS to the Radiant syslog cluster. Use only when a Radiant Agent is not available.

### Prerequisites

* [ ] Admin access to Varonis DatAlert
* [ ] For the Radiant Agent path: a deployed [Radiant Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) reachable from the Varonis DatAlert server
* [ ] For the direct path: network egress from the Varonis DatAlert server to `cluster.syslog.radiantsecurity.ai` on TCP port `6514`

### Add the data connector in Radiant Security

{% tabs %}
{% tab title="Radiant Agent (recommended)" %}

1. Sign in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Radiant Agent**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Varonis DatAlert**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for the Radiant Agent integration (e.g., `Radiant Agent Integration`). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
6. Click **Add Connector**.
   {% endtab %}

{% tab title="Direct syslog" %}

1. Sign in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Varonis DatAlert (syslog)**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Varonis DatAlert (syslog)**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for this credential (e.g., `Varonis`). To reuse an existing credential, select it from the drop-down menu.
6. In the **Connector tag** field, enter a random value. This value acts as the salt to randomize the Token generated for your connector.
7. Click **Add Connector**.
8. Click **Done** to save your changes.
   {% endtab %}
   {% endtabs %}

### Configure Varonis DatAlert to forward syslog through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Varonis data. If you do not know the port, contact your Customer Success representative.

1. Sign in to **Varonis**.
2. In **Data Advantage**, select **Tools** > **DatAlert**.
3. In the menu, click **Configuration**.
4. In **Syslog Message Forwarding**, enter the following:
   * **Syslog Server**: the IP address of the Radiant Agent.
   * **Port**: the port configured on the Radiant Agent to receive Varonis data.
   * **Facility Name**: `1 - user-level messages`
5. Click **OK**.
6. In the menu, click **Alert Templates**.
7. Select **Varonis LEEF Template**, then click **Edit Alert Template**.

<figure><img src="/files/0ywQwsRmvx1tZV9FOlZj" alt=""><figcaption></figcaption></figure>

8. Under **Apply to alert methods**, select **Syslog message**.

<div align="left"><figure><img src="/files/X4d2xlquwTTrDqxbzgc8" alt=""><figcaption></figcaption></figure></div>

9. Click **OK**.

### Configure Varonis DatAlert to forward syslog directly to Radiant Security

Use this path only when a Radiant Agent is not available.

1. Sign in to **Varonis**.
2. In **Data Advantage**, select **Tools** > **DatAlert**.
3. In the menu, click **Configuration**.
4. In **Syslog Message Forwarding**, enter the following:
   * **Syslog Server**: `cluster.syslog.radiantsecurity.ai`
   * **Port**: `6514`
   * **Facility Name**: `1 - user-level messages`
5. Click **OK**.
6. In the menu, click **Alert Templates**.
7. Select **Varonis LEEF Template**, then click **Edit Alert Template**.
8. Under **Apply to alert methods**, select **Syslog message**.
9. Click **OK**.

### Apply syslog forwarding to DatAlert rules

1. In Varonis, open the **DatAlert** rules table.
2. Select the rules to forward, then click **Edit Rule**.
3. On the left menu, select **Alerts Method**.
4. Click the **Edit** icon, then select the **Syslog message** checkbox.

<div align="left"><figure><img src="/files/zGWhOTKY9TJwwp4FXnuM" alt=""><figcaption></figcaption></figure></div>

5. Click **OK.**

### Verify ingestion

After Varonis begins forwarding, confirm alerts are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"varonis_datalert"`.
3. Confirm recent alerts appear.

{% hint style="info" %}
Allow several minutes for alerts to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/varonis-datalert.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.