Skyhigh (McAfee/Trellix) Secure Web Gateway Integration Guide
The following instructions are for configuring Skyhigh Secure Web Gateway (formerly McAfee Web Gateway) to facilitate log ingestion into Secureworks® Taegis™ XDR.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
Skyhigh Secure Web Gateway | Taegis™ XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration
 | Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
---|---|---|---|
Skyhigh Secure Web Gateway | HTTP | | |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure the Skyhigh Secure Web Gateway to send logs to XDR via syslog, follow the instructions provided by the vendor. Consider the following requirements when completing the configuration steps:
- Protocol and Port — UDP/514
- Severity — 6 (Information)
- Log Types — Access and Audit logs
- Format — CEF