Device Integration: Infocyte

Modified on Wed, 15 Apr at 10:28 PM

Overview

Infocyte is a threat detection and response platform that provides visibility into endpoint compromises, persistence mechanisms, and malicious activity. By integrating Infocyte with ADR SIEM via Syslog, you can forward security events for centralized monitoring, correlation, and proactive threat detection.


Prerequisites

  • Administrative access to the Infocyte console

  • A running ADR CCE server with network reachability from Infocyte

  • Firewall rules allowing UDP/514 (Syslog default) between Infocyte and CCE


Configuration Steps on Infocyte Console

  1. Log in to the Infocyte Management Console with administrator privileges.

  2. Navigate to:
    Settings → Integrations → Syslog

  3. Enable Syslog Forwarding.

  4. Fill in the following details:

    • Syslog Server (CCE IP): <CCE_IP>

    • Protocol: UDP

    • Port: 514

    • Format: CEF (recommended for ADR compatibility)

    • Severity Level: Choose according to your needs (e.g., Informational or above).

  5. Save the configuration.


Verification Steps (MSSP Only)

On ADR CCE Server

Run the following command to confirm logs are being received:

sudo tcpdump -i any -s0 -A port 514 and host <Infocyte_IP>


If events are visible, logs are successfully reaching CCE.
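The tcpdump check above only shows that datagrams arrive. The following added example (not part of this article or of Infocyte's own tooling) performs the same check programmatically on the CCE side: it receives one UDP/514 datagram, confirms it came from the expected Infocyte IP, and parses the CEF payload so that malformed events are caught early. The sample line, the vendor/product strings and the extension keys are constructed for illustration and are not real Infocyte output.

```python
import re
import socket
from typing import Dict, Optional, Tuple

# Constructed sample: RFC 3164 framing with a CEF payload. It shows the CEF shape
# only; vendor, product, signature and extension names are assumptions, not Infocyte's.
SAMPLE_LINE = (
    "<134>Apr 15 22:28:00 infocyte-host CEF:0|Infocyte|HUNT|3.0|100|"
    "Suspicious persistence|7|src=10.0.0.5 dhost=ws01 act=alert msg=Run key modified"
)
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

def parse_cef(line: str) -> Optional[Dict[str, object]]:
    """Parse a syslog line carrying a CEF payload; return None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # Seven '|'-separated header fields; a literal '|' inside a field is escaped as '\|'.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        return None
    event: Dict[str, object] = {
        key: value.replace("\\|", "|") for key, value in zip(HEADER_FIELDS, parts[:7])
    }
    sev = str(event["severity"])
    event["severity"] = int(sev) if sev.isdigit() else sev  # CEF allows 0-10 or a label
    # Extensions are key=value pairs whose values may contain spaces, so split only
    # at whitespace that is immediately followed by the next key=.
    extensions: Dict[str, str] = {}
    for pair in re.split(r"\s+(?=\w+=)", parts[7].strip()):
        key, _, value = pair.partition("=")
        if key:
            extensions[key] = value.replace("\\=", "=")
    event["extensions"] = extensions
    return event

def verify_event(sender_ip: str, line: str, expected_ip: str) -> Dict[str, object]:
    """Same check as the tcpdump step: datagram from the Infocyte IP and well-formed CEF."""
    cef = parse_cef(line)
    return {"from_infocyte": sender_ip == expected_ip, "cef": cef,
            "ok": sender_ip == expected_ip and cef is not None}

def receive_one(bind_ip: str = "0.0.0.0", port: int = 514, timeout: float = 10.0) -> Tuple[str, str]:
    """Receive a single syslog datagram (binding UDP/514 requires root); returns (sender_ip, line)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind((bind_ip, port))
        data, (ip, _port) = sock.recvfrom(65535)
    return ip, data.decode("utf-8", errors="replace")

if __name__ == "__main__":
    ip, line = receive_one()
    print(verify_event(ip, line, expected_ip="<Infocyte_IP>"))  # replace the placeholder IP
```

Stop the CCE's own syslog collector (or bind to a different port and forward a test copy) while running this, since only one process can bind UDP/514.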

On ADR SIEM UI

  1. Log in with administrative rights.

  2. Navigate to: System → Logs and Flows Collection Status

  3. Under Source Device IP, the Infocyte device IP should appear.


Notes

  • Ensure time synchronization (NTP) is enabled on Infocyte and CCE for accurate log timestamps.

  • If logs are not visible:

    • Verify firewall rules (UDP 514 open).

    • Check if Infocyte Syslog service is enabled and active.

    • Validate network reachability using ping/telnet from Infocyte to the CCE IP. Note that telnet tests TCP, so a successful TCP connection does not by itself prove that UDP/514 is open; confirm with tcpdump on the CCE as described above.
