Citrix ADC Integration Guide
Citrix ADC should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in Citrix’s documentation to configure audit logging.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
Citrix ADC | XDR Collector (mgmt IP) | UDP/514 |
Important
The date format for NetScaler logs must be set to MM/DD/YYYY. The DD/MM/YYYY format is not supported and does not ingest properly.
Data Provided from Integrations
Auth | CloudAudit | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty | |
---|---|---|---|---|---|---|---|---|---|
Citrix ADC | D | D | Y | D |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure Citrix ADC to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by Citrix to configure audit log policies.
Ensure you complete the following fields with the correct values:
- Server IP — The IP address of the XDR Collector
- Protocol — UDP
- Port — 514
Note
Citrix ADC events are normalized as XDR Sensor Type Netscaler.
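To confirm the MM/DD/YYYY requirement before relying on ingest, the following added example (not part of the Citrix or Secureworks documentation) classifies the timestamp at the start of sampled ADC syslog lines. The line layout, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed NetScaler syslog layout: "<PRI> 09/25/2023:14:02:11 GMT host 0-PPE-0 : ..."
STAMP = re.compile(r"^(?:<\d{1,3}>)?\s*(\d{2})/(\d{2})/(\d{4}):\d{2}:\d{2}:\d{2}\b")

def classify_line(line):
    """Return 'MDY', 'DMY', 'ambiguous' or 'unparsed' for one syslog line."""
    m = STAMP.match(line)
    if not m:
        return "unparsed"
    first, second = int(m.group(1)), int(m.group(2))
    in_range = 1 <= first <= 31 and 1 <= second <= 31
    if not in_range or (first > 12 and second > 12):
        return "unparsed"       # neither field can be a month
    if second > 12:
        return "MDY"            # second field can only be a day
    if first > 12:
        return "DMY"            # first field can only be a day
    return "ambiguous"          # e.g. 03/04/2023 fits both orders

def check_date_format(lines):
    """Summarise a sample: any DMY line means the ADC setting is wrong."""
    counts = Counter(classify_line(line) for line in lines)
    if counts["DMY"]:
        verdict = "DD/MM/YYYY detected: change the ADC date format"
    elif counts["MDY"]:
        verdict = "MM/DD/YYYY confirmed"
    else:
        verdict = "inconclusive: sample lines from a day after the 12th"
    return verdict, dict(counts)

# Constructed sample lines (hostnames, users and event IDs are made up).
SAMPLE_OK = [
    "<134> 09/25/2023:14:02:11 GMT adc01 0-PPE-0 : default SSLVPN LOGIN 101 0 : User alice",
    "<134> 03/04/2023:08:15:42 GMT adc01 0-PPE-0 : default GUI CMD_EXECUTED 102 0 : Status ok",
]
SAMPLE_BAD = [
    "<134> 25/09/2023:14:02:11 GMT adc01 0-PPE-0 : default SSLVPN LOGIN 101 0 : User alice",
]

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_date_format(sample))
```

Dates on or before the 12th of a month read the same in both formats, so a sample taken only on those days returns an inconclusive verdict.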