ATA Gateway SIEM Integration




From my understanding, ATA Gateway can be fed in three different ways:

- Port Mirroring




Then, if you are using the Lightweight Gateway, you do not need Port Mirroring or WEF. However, what are the SIEM logs used for? I have read that only specific events can be forwarded from the SIEM to the Gateway; is that correct? What are those events?


Thank you,



1 Reply
best response confirmed by marc.biessy (Occasional Contributor)

If you are running all Lightweight GWs > 1.8, there is no additional value in incoming SIEM traffic.

ATA will read all the needed events locally.

SIEM has additional value in a standalone GW scenario, or in older versions of ATA where we did not read events locally.