Fluency can integrate with and accept feeds from devices and services made by other vendors. Fluency analyzes these imported events and "merges" them with collector/imported network traffic (flow) data to provide more insight.
Here you will find a current list of devices with supported integrations.
The following devices are supported:
Office365 Management API
Azure Event Hub
Carbon Black PSC
AWS CloudTrail / CloudWatch
Windows Active Directory (via NxLog agent)
Syslog (or any other vendor using similar output protocol)
For a more detailed list of supported Syslog data ingress, view the Syslog page.
Fluency will parse and correlate imported event data with network traffic data. The parsed event will be merged into the corresponding metaflow record, so the user can search/review all associated information from one location.
Event Import is configured on a per-collector basis, and is accessed through the "CONFIG" button.
Syslog Event import can be enabled on a specified port for both TCP and UDP. Select the desired options and click the "+ ADD" button. Repeat to add another entry if desired.
NOTE: A corresponding firewall rule should be added to open the specified port. Refer to the section on Firewall Configuration for more information.
The Fluency appliance can accept and parse a variety of input formats (within the Syslog protocol, for instance). It is possible that your particular device provides output in a format that Fluency can already use. When exporting data from your device, choose the JSON (preferred) or CEF formats for export whenever possible.
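The following test sender is an added example, not Fluency code: it wraps one JSON event in a syslog message and sends it to a Syslog import port over UDP or TCP, which is a quick way to check the port entry and its firewall rule. It assumes the collector accepts RFC 5424 headers and newline-delimited TCP; the address 192.0.2.10, port 5514, hostname, app name and event fields are constructed placeholders.

```python
import json
import socket
from datetime import datetime, timezone

FACILITY_LOCAL0 = 16   # syslog facility local0
SEVERITY_INFO = 6      # syslog severity "informational"


def format_syslog_json(event, hostname="sensor01", app="testfeed", when=None):
    """Return one RFC 5424 syslog message (bytes) whose MSG part is JSON."""
    when = when or datetime.now(timezone.utc)
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO  # PRI = facility * 8 + severity
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # Compact single-line JSON: json.dumps escapes newlines inside strings,
    # so a field value can never split the event on a newline-framed stream.
    payload = json.dumps(event, separators=(",", ":"), ensure_ascii=True)
    # PROCID, MSGID and STRUCTURED-DATA are left as "-" (nil).
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {payload}".encode("ascii")


def send_event(message, host, port, proto="udp", timeout=5.0):
    """Send one message. TCP raises on a refused or filtered port; UDP cannot."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(message, (host, port))
    elif proto == "tcp":
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(message + b"\n")  # assumed newline framing
    else:
        raise ValueError("proto must be 'udp' or 'tcp'")


if __name__ == "__main__":
    # Constructed sample event and placeholder collector address/port.
    sample = {"event_type": "login_failure", "src_ip": "10.0.0.5",
              "user": "jdoe", "reason": "bad password"}
    msg = format_syslog_json(sample)
    print(msg.decode("ascii"))
    try:
        send_event(msg, "192.0.2.10", 5514, proto="tcp")
        print("delivered over TCP")
    except OSError as exc:
        # A timeout or refusal here usually means the port entry or the
        # firewall rule for it is missing.
        print(f"TCP delivery failed: {exc}")
```

A UDP send succeeds locally even when the port is filtered, so confirm delivery by searching for the test event on the collector.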