Local Service Plugins

Fluency can integrate with, and accept feeds from, devices and services from other vendors. Fluency analyzes these imported events and "merges" them with collector/imported network traffic (flow) data to provide more insight.

The following devices and services currently have supported integrations:

  • GSuites

  • Office365 Management API

  • Azure Event Hub

  • Okta

  • Falcon

  • Cylance

  • Cisco AMP

  • Symantec EPC

  • Carbon Black

  • Carbon Black PSC

  • AWS CloudTrail / CloudWatch

  • Mimecast

  • Windows Active Directory (via NxLog agent)

  • Syslog (or any other vendor using similar output protocol)

For a more detailed list of supported Syslog data ingress, view the Syslog page.

Event Import Configuration

Fluency will parse and correlate imported event data with network traffic data. The parsed event will be merged into the corresponding metaflow record, so the user can search/review all associated information from one location.

Event Import is configured on a per-collector basis, and is accessed through the "CONFIG" button.

Syslog Event import can be enabled on a specified port for both TCP and UDP. Select the desired options and click the "+ ADD" button. Repeat to add another entry if desired.

NOTE: A corresponding firewall rule should be added to open the specified port. Refer to the section on Firewall Configuration for more information.

The Fluency appliance can accept and parse a variety of input formats (within the Syslog protocol, for instance), so your device may already provide output in a format that Fluency can use. When exporting data from your device, choose the JSON (preferred) or CEF format whenever possible.
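To check a newly added Syslog port and its firewall rule end to end, the following added example (not Fluency's own code) builds one JSON and one CEF test event and sends them over UDP and TCP. The RFC 5424 header, the collector address `192.0.2.10`, port `514`, and all event fields are assumptions or constructed sample values; substitute the port you configured.

```python
import json
import socket

def to_json(event):
    # One event per line: json.dumps escapes embedded newlines, so a record cannot split.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))

def _hdr(v):  # CEF header fields: escape backslash first, then the pipe delimiter
    return str(v).replace("\\", "\\\\").replace("|", "\\|")

def _ext(v):  # CEF extension values: escape backslash, equals sign and newline
    return str(v).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_cef(vendor, product, version, sig_id, name, severity, ext):
    header = "|".join(_hdr(x) for x in (vendor, product, version, sig_id, name, severity))
    return f"CEF:0|{header}|" + " ".join(f"{k}={_ext(v)}" for k, v in ext.items())

def syslog_frame(payload, host="testhost", app="export-test",
                 timestamp="2024-01-01T00:00:00Z", facility=16, severity=6):
    # RFC 5424 header (an assumption here); PRI = facility * 8 + severity (local0.info = 134).
    return f"<{facility * 8 + severity}>1 {timestamp} {host} {app} - - - {payload}"

def send(message, host, port, proto="udp"):
    data = message.encode("utf-8")
    if proto == "udp":
        # UDP gives no delivery feedback: confirm arrival by searching in the collector.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
    else:
        # TCP: newline-terminated record; a refused or timed-out connect
        # usually means the firewall rule or the port entry is missing.
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(data + b"\n")
    return len(data)

if __name__ == "__main__":
    COLLECTOR, PORT = "192.0.2.10", 514  # placeholders, replace with your collector
    event = {"action": "login_failed", "src_ip": "10.0.0.5", "user": "alice"}  # constructed
    cef = to_cef("ExampleVendor", "ExampleProduct", "1.0", "100", "Login failed", 5,
                 {"src": "10.0.0.5", "suser": "alice"})  # constructed
    for proto in ("udp", "tcp"):
        for msg in (to_json(event), cef):
            try:
                send(syslog_frame(msg), COLLECTOR, PORT, proto)
                print(f"{proto}: sent {msg[:40]}")
            except OSError as exc:
                print(f"{proto}: failed ({exc}); check the port entry and firewall rule")
```
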