Documentation forSecurity Event Manager

Configure SEM connectors for agent and non-agent devices

You can configure agent connectors for the target products that are installed on or remotely logging to the agent computer. After you configure the agent connectors, SEM can monitor and interact with the products and devices on the targeted computer.

Agent connectors run locally to monitor log files, as well as data logged to the agent computer from remote devices that cannot run an agent. The active response connectors (actors) allow the agent to receive instructions from the Manager and perform active responses locally on the agent computer, such as sending pop-up messages or detaching USB devices.

Use connector profiles to configure multiple agents

Most agents in a network include a few different connector configurations. You can streamline your connector configuration process by creating connector profiles. A connector profile groups agents that share the same connector configuration.

About the Manager connectors screen

The Manager connectors screen displays a list of all connectors that are not configured to a SEM agent. The non-agent connector will be installed on the virtual appliance, and the data will be parsed from this location. You can refine the list by status type, and category.

Configure a connector to monitor non-agent devices

Non-agent devices are devices that cannot host a SEM agent. These devices can include firewalls, proxy servers, domain controllers, and more. You must create a connector to monitor these devices.

  1. Locate a connector for your non-agent device.

    See SEM connector categories for a list of network security products that can be connected to SEM.

  2. Ensure that log data is being recorded for your non-agent source.

  3. Log in to the SEM Console.

  4. In the toolbar, click Configure > Manager connectors.

  5. In the search box, enter the connector name, and then click the magnifying glass icon.

  6. Select the checkbox next to the target connector.

  7. In the toolbar, click Add Connector.

  8. In the Name field, enter a new name, or keep the existing name.

  9. Click Add.

    The connector displays on the Manager Connectors tab under Configured connector.

  10. Under Configured connectors, select this connector.

  11. Click Start.

    The connector is started and enabled to collect data from the non-agent device.

When SEM recognizes that data is being retrieved from a new IP address that is currently a node, it will be added to the Nodes list automatically for you.

No additional configuration or management is required to monitor non-agent devices. The nodes exist to notify you that data is being received from an IP address.