F5 BIG-IP Local Traffic Manager Integration Guide
F5 BIG-IP Local Traffic Manager (LTM) appliances should be configured to send logs via syslog to the Taegis™ XDR Collector. F5 LTM logs are filtered and correlated for various security event observations. Please follow the instruction provided by F5 in this article to enable logging.
Connectivity Requirements ⫘
| Source | Destination | Port/Protocol |
|---|---|---|
| F5 BIG-IP LTM | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integrations ⫘
| Auth | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty | |
|---|---|---|---|---|---|---|---|---|
| F5 LTM | D | Y |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions ⫘
To configure your F5 LTM appliance to send logs to Secureworks® Taegis™ XDR, follow the instructions provided by F5 in this article. Consider the following requirements when completing the configuration steps:
- Remote IP — The IP address of the XDR Collector
- Remote Port — 514