Deutsch Español Français 日本語 한국어(대한민국) Polski (Polska) Português do Brasil

Articles in this section

6.2 Setting up SIEM

  • Updated

Connect your Security Information and Event Management (SIEM) solution to Miro, and enable real-time monitoring and analysis of activity inside your Enterprise subscription.

Currently available with IBM QRadar and Splunk.

How to set up SIEM

The following procedure explains how to set up SIEM.

Prerequisites

Ensure that you enable SIEM, and generate and copy a Miro SIEM access token.

Follow these steps:

  1. Go to Admin console.
  2. Select Enterprise integrations.
  3. Under Single sign-on, toggle SIEM to the on position.
  4. For Access Token on the right, select Generate new token.
    An access token is generated.

    You have successfully enabled SIEM, and generated and copied a Miro SIEM access token.

IBM QRadar

Connect IBM QRadar to Miro Enterprise to monitor activity data from users, network devices, host assets and operating systems, applications, and detect vulnerabilities.

✏️ The Miro app for IBM QRadar uses the Audit Logs API (Miro Developer Platform) to fetch Miro Enterprise audit logs.

Procedure

Follow these steps:

  1. Download and install the Miro Audit Logs connector for IBM QRadar.
  2. Install the Universal Cloud REST API protocol.

    More information: See Universal Cloud Rest API protocol configuration documentation (external).

  3. In IBM QRadar, add Miro as a log source. Follow the instructions for Adding a log source to receive events in the IBM QRadar documentation.

    You have successfully configured IBM QRadar as your SIEM solution in Miro.

Splunk

Connect Splunk to Miro Enterprise to monitor and visualize user and security activity derived from Miro audit logs. 

Procedure

Follow these steps:

  1. In Splunk, install Miro App for Splunk.
    The app is now available on your Splunk dashboard.
  2. On the dashboard, select Miro App for Splunk.
  3. Under Configuration > Logging, ensure that Log level is set to INFO.
  4. Under Inputs, select Create new input.
    The Add Miro Audit Logs modal opens.
  5. Add metadata for your new input, including the SIEM access token you created in Miro.
  6. Select Add.
    You return to the Inputs tab.
  7. Ensure your new input is Enabled.

    You have successfully configured Splunk as your SIEM solution in Miro.

More information:

Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles