Canvas 26 Don’t wait for the recap. Catch Miro’s latest launches from the Canvas 26 keynote, streaming live on May 19. Register now →
Deutsch Español Français 日本語 한국어(대한민국) Polski (Polska) Português do Brasil

Articles in this section

7.2 Setting up SIEM

  • Updated

Connect your Security Information and Event Management (SIEM) solution to Miro, and enable real-time monitoring and analysis of activity inside your Enterprise subscription.

Miro currently supports IBM QRadar and Splunk.

How to set up SIEM

The following procedure explains how to set up SIEM.

Prerequisites

Ensure that you enable SIEM, then generate and copy a Miro SIEM access token:

  1. In Admin console, go to Apps and integrations > Enterprise integrations.
  2. Toggle SIEM to the on position.
  3. For Access Token, click Generate new token.
    An access token is generated.
  4. Copy the SIEM access token.

IBM QRadar

Connect IBM QRadar to Miro Enterprise to monitor activity data from users, network devices, host assets and operating systems, applications, and detect vulnerabilities.

  1. Download and install the Miro Audit Logs connector for IBM QRadar.
  2. Install the Universal Cloud REST API protocol.
    More information: See Universal Cloud Rest API protocol configuration documentation (external).
  3. In IBM QRadar, add Miro as a log source. Follow the instructions for Adding a log source to receive events in the IBM QRadar documentation.

✏️ The Miro app for IBM QRadar uses the Audit Logs API (Miro Developer Platform) to fetch Miro Enterprise audit logs.

Splunk

Connect Splunk to Miro Enterprise to monitor and visualize user and security activity derived from Miro audit logs. 

  1. In Splunk, install Miro App for Splunk.
    The app is now available on your Splunk dashboard.
  2. On the dashboard, select Miro App for Splunk.
  3. Under Configuration > Logging, ensure that Log level is set to INFO.
  4. Under Inputs, select Create new input.
    The Add Miro Audit Logs modal opens.
  5. Add metadata for your new input, including the SIEM access token you created in Miro.
  6. Select Add.
    You return to the Inputs tab.
  7. Ensure your new input is Enabled.

More information:

Next: Conclusion

You have completed your Miro Enterprise configuration. For more information, see Ready for takeoff.

Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles