Panda SIEMFeeder for Partners settings

To enable the settings profile, click the Send the following events to my SIEM toggle, then select the groups of events your SIEM solution will receive. Only events in the selected groups are forwarded, out of all the telemetry generated by the computers assigned to the settings profile.

Configuring groups

The telemetry data sent to Panda Security consists of the relevant events logged when programs run on clients' computers. These events are grouped by type, and each group can be enabled or disabled individually, so the MSSP receives only the event types it is interested in.

Event groups available to partners

Threat detections (malware, PUPs, exploits): alerts about malware and PUPs, exploits, and items blocked by advanced policies.

Loading and execution of executable (PE) files and scripts: loading and execution of binary (PE) and non-binary (script) executable files.

Communications: socket open and use events.

Access to data: access to data contained in files and the Windows registry.

Creation and modification of executable (PE) files and scripts: creation and modification of binary (PE) and non-binary (script) executable files.

Access to the Windows registry: events related to access to the Windows Registry.

System events: events related to device access, the WMI engine, and logins and logouts.

Threat hunting indicators (only for clients with Cytomic Orion): alerts generated by Orion hunting rules.

Configuring the event format

  • Click the Change sending format link at the bottom of the page. The Select the format of the events sent to your SIEM window opens.

  • Select LEEF format or CEF format and click Save. The new setting is applied immediately.

The event format is a single setting for the partner, not a per-profile setting: because the MSSP receives all events at one SIEM server, every event is sent in the same format. If a Partner Center console user changes the event format in one settings profile, the change applies to every other settings profile as well, so a format change should be coordinated with the corresponding change to the SIEM's parser.
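As an added example (it is not Panda Security's code and not part of this page's original content), the following Python parser accepts both formats a SIEM can be asked to receive here, so the receiving side keeps parsing regardless of which option is selected or later changed. It handles the escaping rules of each format (escaped pipes in headers, escaped '=' and backslashes in CEF extensions, the LEEF 2.0 delimiter field, tab-delimited LEEF 1.0) and sets unparseable lines aside instead of dropping a whole batch. The vendor, product and attribute names in the sample lines are constructed for illustration and are not real SIEMFeeder field names.

```python
"""Parse CEF and LEEF events the way a receiving SIEM would.

Added example for this page, not Panda Security's code. The sample lines are
constructed for illustration and do not reproduce real SIEMFeeder fields.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Event:
    fmt: str                  # "CEF" or "LEEF"
    version: str              # format version from the prefix
    vendor: str
    product: str
    product_version: str
    event_id: str             # CEF Signature ID / LEEF EventID
    name: str = ""            # CEF only
    severity: str = ""        # CEF only
    attrs: dict[str, str] = field(default_factory=dict)


def _split_header(body: str, count: int) -> tuple[list[str], str]:
    """Split `count` pipe-delimited header fields off the front of `body`.
    A literal '|' or '\\' in a header field is escaped with a backslash, so
    the scan skips escaped pipes. Returns fields and the text after the last pipe."""
    fields: list[str] = []
    cur: list[str] = []
    i = 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])   # unescape \| and \\
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < count:
        raise ValueError("truncated header")
    return fields, body[i:]


_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _cef_unescape(raw: str) -> str:
    # In the extension, '=' and '\' are backslash-escaped; \n and \r are line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)


def _parse_cef_extension(ext: str) -> dict[str, str]:
    """Space-separated key=value pairs whose values may contain spaces, so pairs
    are located by their keys rather than by splitting on whitespace."""
    keys = list(_CEF_KEY.finditer(ext))
    attrs: dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        attrs[m.group(1)] = _cef_unescape(ext[m.end():end])
    return attrs


_HEX_DELIM = re.compile(r"(?i)^(?:0x|x)([0-9a-f]{1,2})$")


def _leef_delimiter(spec: str) -> str:
    """LEEF 2.0 header field 6: empty means tab, one character is used literally,
    and x09 / 0x09 style values name the character by code point."""
    if spec == "":
        return "\t"
    if len(spec) == 1:
        return spec
    m = _HEX_DELIM.match(spec)
    if m is None:
        raise ValueError(f"bad LEEF delimiter {spec!r}")
    return chr(int(m.group(1), 16))


def parse_event(line: str) -> Event:
    """Dispatch on the prefix so the receiver survives a format change upstream."""
    if line.startswith("CEF:"):
        hdr, ext = _split_header(line[4:], 7)
        version, vendor, product, pver, sig_id, name, severity = hdr
        return Event("CEF", version, vendor, product, pver, sig_id,
                     name, severity, _parse_cef_extension(ext))
    if line.startswith("LEEF:"):
        hdr, rest = _split_header(line[5:], 5)
        version, vendor, product, pver, event_id = hdr
        delim = "\t"                          # LEEF 1.0 is always tab-delimited
        if version.startswith("2"):
            (spec,), rest = _split_header(rest, 1)
            delim = _leef_delimiter(spec)
        attrs = dict(p.split("=", 1) for p in rest.split(delim) if "=" in p)
        return Event("LEEF", version, vendor, product, pver, event_id, attrs=attrs)
    raise ValueError(f"unrecognised format: {line[:16]!r}")


def parse_feed(lines: list[str]) -> tuple[list[Event], list[tuple[str, str]]]:
    """Parse a received batch; bad lines are returned separately, not fatal."""
    events, rejected = [], []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        try:
            events.append(parse_event(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return events, rejected


# Constructed sample lines (not real SIEMFeeder output).
CEF_SAMPLE = (r"CEF:0|Example Vendor|Example EDR|1.0|100|Malware detected|8|"
              r"src=10.0.0.5 fname=C:\\Users\\alice\\invoice.exe act=blocked msg=a \= b")
LEEF2_SAMPLE = ("LEEF:2.0|Example Vendor|Example EDR|1.0|Communications|^|"
                "src=10.0.0.5^dst=203.0.113.9^dstPort=443^proto=TCP")
LEEF1_SAMPLE = "LEEF:1.0|Acme\\|Corp|EDR|1.0|Logon|usrName=alice\tsrc=10.0.0.5"
LEEF_HEX_SAMPLE = "LEEF:2.0|V|P|1|ID|x09|a=1\tb=2"
SAMPLE_FEED = [CEF_SAMPLE, LEEF2_SAMPLE, LEEF1_SAMPLE, LEEF_HEX_SAMPLE, "not an event"]
```

Run `parse_feed(SAMPLE_FEED)` to see four parsed events and one rejected line. The dispatch on the `CEF:` / `LEEF:` prefix is what makes the format switch described above safe to perform: a collector that assumed one format would silently mis-parse every event after the change.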

Default settings

With the default settings, the Send the following events to my SIEM toggle and all event groups are disabled, so partners initially receive no events from clients.