Varonis (syslog)

Configure Varonis to forward syslog to Radiant Security.

In this guide, you will create a new entry in the Varonis DatAlert syslog configuration. This is required in order to send Varonis DatAlert events to Radiant Security through a relay server, which adds an extra layer of security.

Add the data connector in Radiant Security

First, you’ll add the Varonis data connector in Radiant Security.

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  3. Search for and select the Varonis DatAlert (syslog) option and then click Data Feeds.

  4. Under Select your data feeds, select Varonis DatAlert (syslog) and click Credentials.

  5. Under Credential Name, give the credential an identifiable name (e.g. Varonis). If you already have a credential in place, select it from the drop-down menu.

  6. In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

  7. Click Add Connector to save the changes.

  8. Click Done to save your changes.

Configure the Radiant Security Agent

Refer to the Install the Radiant Security Agent guide to set up the Radiant Security Agent.

Configure syslog forwarding in Varonis

  1. Log in to Varonis.

  2. In Data Advantage, select Tools > DatAlert.

  3. On the menu, click Configuration.

  4. In Syslog Message Forwarding, enter the following:

    • Syslog Server: <Radiant Agent Local IP Address>

    • Port: <Radiant Agent Port>

    • Facility Name: 1 - user-level messages

  5. Click OK.

  6. In the menu, click Alert Templates.

  7. Select Varonis LEEF Template and click Edit Alert Template.

  8. On Apply to alert methods, select Syslog message.

  9. Click OK.

Configure multiple rules to forward syslog alerts

  1. Still in Varonis, in the DatAlert rules table, select the desired rules, then click Edit Rule.

  2. On the left menu, select Alerts Method.

  3. Click the Edit icon and select the Syslog message checkbox.

  4. Click OK.
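
A check for the result of the steps above, as an added example that is not part of the original guide or of Varonis or Radiant Security tooling: given a raw syslog line captured on the relay host, it confirms that the facility is 1 (user-level messages) and that the payload carries a LEEF header. The sample lines, including their vendor, product and event values, are constructed placeholders.

```python
import re

EXPECTED_FACILITY = 1  # "1 - user-level messages" from the Syslog Message Forwarding step
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines (not real Varonis output; vendor/product/event values are placeholders).
SAMPLE_OK = "<13>Jan 12 10:15:02 host01 LEEF:1.0|ExampleVendor|ExampleProduct|0.0|EXAMPLE_EVENT|cat=Alert\tusrName=jdoe"
SAMPLE_WRONG_FACILITY = SAMPLE_OK.replace("<13>", "<133>", 1)  # 133 = facility 16 (local0)
SAMPLE_NO_LEEF = "<13>Jan 12 10:15:02 host01 plain text alert"


def check_forwarded_line(line):
    """Return (ok, details) for one raw syslog line captured on the relay host."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return False, {"error": "missing or invalid syslog PRI header"}
    # PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
    facility, severity = divmod(int(m.group(1)), 8)
    details = {"facility": facility, "severity": severity}
    # The LEEF header follows the syslog timestamp and host, so search for it.
    idx = line.find("LEEF:")
    if idx < 0:
        details["error"] = "no LEEF header; check the alert template's alert methods"
        return False, details
    version = line[idx + 5:].split("|", 1)[0]
    # LEEF 1.0 has 5 pipe-delimited header fields; 2.0 adds a delimiter field.
    header_fields = 6 if version.startswith("2") else 5
    parts = line[idx:].split("|", header_fields)
    if len(parts) <= header_fields:
        details["error"] = "truncated LEEF header"
        return False, details
    details.update(leef_version=version, vendor=parts[1], product=parts[2], event_id=parts[4])
    if facility != EXPECTED_FACILITY:
        details["error"] = f"facility {facility}, expected {EXPECTED_FACILITY}"
        return False, details
    return True, details


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WRONG_FACILITY, SAMPLE_NO_LEEF):
        print(check_forwarded_line(sample))
```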
