Forcepoint DLP - Learn more about collecting Forcepoint DLP logs using a Syslog Collector applet and content pack integration in Cortex Cloud. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-04
Category
Administrator Guide
Abstract

Learn more about collecting Forcepoint DLP logs using a Syslog Collector applet and content pack integration in Cortex Cloud.

You can configure collection of Forcepoint DLP logs using a Broker VM Syslog Collector applet or with a content pack integration:

Vendor: Forcepoint DLP

Syslog Collector applet overview

If you use Forcepoint DLP to prevent data loss over endpoint channels, you can forward its logs to Cortex Cloud with the Broker VM Syslog Collector applet, in CEF or LEEF format.

Link to Syslog Collector applet instructions

Ingest logs from Forcepoint DLP

Link to content pack/integration details

The Forcepoint DLP content pack fetches security incidents from Forcepoint DLP and ingests them as events into Cortex Cloud for processing and analysis. The content pack contains the Forcepoint DLP Modeling Rule and the Forcepoint DLP Parsing Rule. It also includes the following integration:

  • Forcepoint DLP Event Collector (Beta): Use this integration to fetch security incidents from Forcepoint DLP as Cortex Cloud events. The integration is an event collector and uses the parsing and modeling rules in the content pack for data normalization.
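The applet section above says Forcepoint DLP can forward logs in CEF or LEEF, and the content pack section says parsing and modeling rules normalize the events. The following is an added example, not code from Cortex Cloud, Forcepoint or the content pack: a parser for both syslog payload formats (honouring the CEF header and extension escapes and the LEEF 2.0 delimiter field) followed by an illustrative normalization step of the kind a parsing/modeling rule performs. The sample lines are constructed; the vendor, product and version strings and the extension keys (suser, act, usrName, action, sev) are placeholders rather than Forcepoint's actual field names, and the field mapping in _FIELD_MAP is an assumption made for the example.

```python
"""Parse CEF and LEEF syslog payloads and normalize them to a common schema.

Added example, not Cortex Cloud, Forcepoint or content pack code. Sample lines
are constructed; vendor/product strings and extension keys are placeholders and
are NOT taken from real Forcepoint DLP output.
"""
import re

# CEF extension pairs are key=value tokens separated by whitespace; a value may
# itself contain spaces, so locate the keys first and slice the text between them.
_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
# LEEF 2.0 may express its delimiter as a hex code such as x09 or 0x09.
_HEX_DELIM = re.compile(r"^(?:0?x)([0-9A-Fa-f]{2})$")


def _split_header(body: str, n: int):
    """Split the first n pipe-delimited header fields, honouring the '\\|' and
    '\\\\' escapes, and return (fields, remainder after the n-th pipe)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # escaped character: keep literally
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < n:
        raise ValueError(f"expected {n} header fields, found {len(fields)}")
    return fields, body[i:]


def _unescape_cef(value: str) -> str:
    # CEF extension values escape '=', '\' and line breaks with a backslash.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_cef_extension(ext: str) -> dict:
    keys = list(_CEF_KEY.finditer(ext))
    out = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_cef(ext[m.end():end].strip())
    return out


def _parse_leef_extension(ext: str, delim: str) -> dict:
    out = {}
    for pair in ext.split(delim):
        if "=" in pair:
            k, v = pair.split("=", 1)
            out[k.strip()] = v
    return out


def parse_event(line: str) -> dict:
    """Parse one syslog line carrying a CEF or LEEF payload; any syslog
    PRI/timestamp/host prefix before the format marker is ignored."""
    m = re.search(r"\b(CEF|LEEF):", line)
    if not m:
        raise ValueError("no CEF or LEEF marker found")
    fmt, body = m.group(1), line[m.end():]
    if fmt == "CEF":
        (version, vendor, product, dev_version, sig_id, name, severity), ext = _split_header(body, 7)
        return {"format": "CEF", "version": version, "vendor": vendor, "product": product,
                "device_version": dev_version, "event_id": sig_id, "name": name,
                "severity": severity, "ext": _parse_cef_extension(ext)}
    (version, vendor, product, dev_version, event_id), rest = _split_header(body, 5)
    if version.startswith("2"):
        # LEEF 2.0 carries an explicit delimiter field: a literal character, its
        # hex code, or empty for the default tab. LEEF 1.0 is always tab-delimited.
        (delim_field,), ext = _split_header(rest, 1)
        hx = _HEX_DELIM.match(delim_field)
        delim = chr(int(hx.group(1), 16)) if hx else (delim_field or "\t")
    else:
        ext, delim = rest, "\t"
    return {"format": "LEEF", "version": version, "vendor": vendor, "product": product,
            "device_version": dev_version, "event_id": event_id, "name": None,
            "severity": None, "ext": _parse_leef_extension(ext, delim)}


# Illustrative field mapping (an assumption for this example, not a Cortex Cloud
# modeling rule): reduce both formats to the fields an analyst pivots on.
_FIELD_MAP = {
    "CEF":  {"user": "suser", "action": "act", "severity": None},   # CEF severity is a header field
    "LEEF": {"user": "usrName", "action": "action", "severity": "sev"},
}


def normalize(event: dict) -> dict:
    fm = _FIELD_MAP[event["format"]]
    sev = event["severity"] if fm["severity"] is None else event["ext"].get(fm["severity"])
    return {"vendor": event["vendor"], "product": event["product"], "event_id": event["event_id"],
            "user": event["ext"].get(fm["user"]),
            "action": (event["ext"].get(fm["action"]) or "").lower(),
            "severity": int(sev) if sev is not None and sev.isdigit() else None}


def normalize_lines(lines):
    return [normalize(parse_event(line)) for line in lines]


# Constructed sample lines (placeholder vendor/product/keys, not real DLP output).
SAMPLE_LINES = [
    "<134>Jan  5 10:15:22 dlp-host CEF:0|Forcepoint|DLP|8.9|1|Policy violation|8|"
    "act=Blocked suser=jdoe fname=q4\\=report.xlsx msg=Credit card numbers\\nin attachment cs1=Email",
    "LEEF:2.0|Forcepoint|DLP|8.9|1|^|devTime=2024-12-24T10:15:22Z^usrName=jdoe^action=blocked^sev=8",
    "LEEF:1.0|Forcepoint|DLP|8.9|2|usrName=asmith\taction=audited\tsev=3",
]

if __name__ == "__main__":
    for ev in normalize_lines(SAMPLE_LINES):
        print(ev)
```

The header splitter stops at the seventh (CEF) or fifth (LEEF) unescaped pipe, so pipes inside extension values never shift fields, and the extension parser locates keys before slicing values so that multi-word values and escaped `=` survive. The same approach can be extended to additional vendors by adding entries to the mapping table.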