From fe6878c2ca514156c52ad04ade44ce2bf7a6c3f1 Mon Sep 17 00:00:00 2001
From: braginini
Date: Fri, 19 Apr 2024 19:49:26 +0200
Subject: [PATCH] Crosslink activity events and event streaming
---
 src/components/NavigationDocs.jsx | 2 +-
 ... => activity-event-streaming-to-siem-systems.mdx} | 12 ++++++++++--
 .../how-to/monitor-system-and-network-activity.mdx | 7 +++++++
 3 files changed, 18 insertions(+), 3 deletions(-)
 rename src/pages/how-to/{activity-event-streaming.mdx => activity-event-streaming-to-siem-systems.mdx} (90%)
diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index aace7d20..c2e1a901 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -102,7 +102,7 @@ export const docsNavigation = [
 title: 'Integrations',
 isOpen: false,
 links: [
- {title: 'Activity event streaming', href: '/how-to/activity-event-streaming' },
+ {title: 'Activity event streaming', href: '/how-to/activity-event-streaming-to-siem-systems' },
 {title: 'Identity provider sync', href: '/how-to/idp-sync' },
 {title: 'Enable post quantum cryptography', href: '/how-to/enable-post-quantum-cryptography' },
 {title: 'Endpoint Detection and Response (EDR)', href: '/how-to/endpoint-detection-and-response' },
diff --git a/src/pages/how-to/activity-event-streaming.mdx b/src/pages/how-to/activity-event-streaming-to-siem-systems.mdx
similarity index 90%
rename from src/pages/how-to/activity-event-streaming.mdx
rename to src/pages/how-to/activity-event-streaming-to-siem-systems.mdx
index 01a242ef..4da88d83 100644
--- a/src/pages/how-to/activity-event-streaming.mdx
+++ b/src/pages/how-to/activity-event-streaming-to-siem-systems.mdx
@@ -1,6 +1,14 @@
-# Stream Activity Events to Third-Party Platforms
+# Stream activity events to third-party SIEM systems
-This document provides step-by-step instructions and best practices for setting up NetBird activity event streaming integrations to different third-party platforms.
+Security Information and Event Management (SIEM) systems play a critical role in network security by monitoring,
+detecting, and responding to security threats in real-time. By aggregating and analyzing activity across the network,
+SIEMs help identify anomalous patterns and potential breaches, providing a centralized view of security events.
+
+NetBird provides an event streaming feature that allows you to stream network [activity events](/how-to/monitor-system-and-network-activity)
+to third-party SIEM systems, such as [Datadog](https://www.datadoghq.com/dg/security/siem-solution/), [Amazon S3](https://aws.amazon.com/s3/), [Amazon Data Firehose](https://aws.amazon.com/firehose/), and others.
+
+This document provides step-by-step instructions and best practices for setting up NetBird activity event streaming
+integrations to different third-party platforms.
 This feature is only available in the cloud version of NetBird.
diff --git a/src/pages/how-to/monitor-system-and-network-activity.mdx b/src/pages/how-to/monitor-system-and-network-activity.mdx
index 2d2be1b5..76d78f91 100644
--- a/src/pages/how-to/monitor-system-and-network-activity.mdx
+++ b/src/pages/how-to/monitor-system-and-network-activity.mdx
@@ -26,6 +26,13 @@ You can also use the search bar to filter events by activity type.
 the backup files in the same folder as the script. Look for the DataStoreEncryptionKey field in the `management.json` backup file.
+## Enable activity event streaming to SIEM systems
+
+NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time.
+With this feature enabled you can monitor and analyze NetBird network changes in your SIEM system.
+Check the [integrations guide](/how-to/activity-event-streaming-to-siem-systems) for more information about the supported integrations and
+how to enable them.
+
 ## Get started