Leveraging the Datto Networking Managed SOC integration

NAVIGATION  Partner Portal > Networking Status > Network Manager > Access Points > Advanced

NAVIGATION  Partner Portal > Networking Status > Network Manager > Switches > Switch settings

With Datto Networking, you can configure your switches, access points, and Secure Edge Gateways to send curated sets of syslog events to Managed Security Operations Centers (SOCs) and SIEM tools. These logs are useful for identifying potential Indicators of Compromise (IoCs) in your environment. This article describes how to set up the integration for each of these endpoints.

NOTE  This feature works with any SIEM that supports the Common Event Format (CEF) and has parsing rules built to ingest the log messages that your devices will send. It does not enable low-level system messages.
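To check that a receiving pipeline handles CEF correctly before you enable forwarding, the following added example (not Datto code) parses a syslog-wrapped CEF message, including escaped pipes in the header and escaped equals signs in the extension. The sample line is constructed for illustration; its vendor, product and field values are placeholders and do not represent what Datto devices emit.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# An extension key is a word preceded by start/whitespace and followed by '='.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")
_ESCAPES = {"n": "\n", "r": "\r"}  # other escaped chars (\=, \\, \|) map to themselves

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields and the raw extension."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2]); i += 2      # keep the escape pair intact
        elif body[i] == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(parts) == 6:                            # sender omitted the final '|'
        parts.append("".join(cur))
    if len(parts) != 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    return [_unescape(p) for p in parts], body[i:]

def _parse_extension(ext):
    """Values may contain spaces, so each value runs until the next 'key='."""
    fields, matches = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end])
    return fields

def parse_cef(line):
    """Parse one syslog line carrying a CEF payload into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    parts, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, parts))
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample line (placeholder vendor/product, documentation IP range).
SAMPLE = (r"<134>Jan 12 10:15:02 ap-01 CEF:0|ExampleVendor|Access\|Point|1.0|100|"
          r"Client association|3|src=192.0.2.10 msg=ssid\=guest joined cs1=C:\\temp")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```
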

Prerequisites

To set up the Managed SOC integration, you'll need the following:

Environment prerequisites

  • You must have access to the Datto network you'd like to connect to your Managed SOC.

  • A SIEM that supports the Common Event Format (CEF), configured with parsing rules, must be present to ingest the log messages that the network devices will send.

  • At least one endpoint agent in your environment needs to be capable of aggregating and sending the syslogs that you want to forward to your SIEM/Managed SOC integration.

  • Additional endpoint-specific prerequisites are listed below.