Overview
You can integrate Blumira with Ivanti Connect Secure (formerly Pulse Connect Secure) to send security event logs to Blumira for threat detection. Blumira then intelligently analyzes those logs to automatically detect suspected threats, notify you of those threats, and provide you with an actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Procedure
To configure Ivanti Connect Secure to send logs to Blumira:
- In Ivanti Connect Secure, navigate to System > Log/Monitoring.
- Click Settings.
- On the Log Settings page, expand the Syslog Servers section to configure the log destination.
- In the Servername/IP box, type your Blumira sensor's IP address.
- In the Facility list, select LOCAL0.
- In the Type list, select TCP.
- In the Filter list, select WELF: WELF.
- In the Source Interface list, select an interface that has access to your Blumira Sensor (e.g., Internal, Management, Global).
- Click Add, and then click Save Changes.