Blumira’s modern cloud SIEM platform integrates with Citrix Application Delivery Controller (ADC) to detect cybersecurity threats and provide actionable response to remediate when a threat is detected.
When configured, the Blumira integration with Citrix Netscaler ADC will stream security event logs to the Blumira service for actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor to use when configuring the external service.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Configuring Log Forwarding for Citrix Netscaler ADC
You must configure audit logging and forwarding for Citrix Netscaler ADC in order for Blumira to collect the logs. Read directions on how to configure log forwarding in Citrix’s Configuring Citrix ADC appliance for audit logging.
Provide the Blumira sensor information when setting up your syslog server:
- IP address of the Blumira sensor you will log events to
- Port number 514
Also, take the time to review your current security policies and ensure that they are up to date. Blumira generally prefers settings that will result in the most verbosity in regard to log content and volume and should be applied to every policy in the device.