Data Pipeline Management Setup Guides on SolCyber Knowledgebase

Data Pipeline Management Setup Guides on SolCyber Knowledgebasehttps://kb.solcyber.com/data-pipeline-management-setup-guides/Recent content in Data Pipeline Management Setup Guides on SolCyber KnowledgebaseHugoenDPM Log Ingestion Nodehttps://kb.solcyber.com/data-pipeline-management-setup-guides/dpm-log-ingestion-node/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/dpm-log-ingestion-node/<h2 id="specs-and-requirements">Specs and Requirements<a class="anchor" href="#specs-and-requirements">#</a></h2> <table><thead><tr><th width="198.6171875">Requirement Type</th><th width="250.40234375">Requirement</th><th>Description</th></tr></thead><tbody><tr><td>Server</td><td>CPU</td><td><p><strong>Small:</strong> 4x CPU</p><p><strong>Med:</strong> 8x CPU</p></td></tr><tr><td>Server</td><td>RAM</td><td><p><strong>Small:</strong> 8 GB</p><p><strong>Medium:</strong> 24 GB</p></td></tr><tr><td>Server</td><td>Disk 1</td><td>75 GB root HD</td></tr><tr><td>Server</td><td>Disk 2</td><td><p><strong>Small:</strong> 200 GB unformatted HD</p><p><strong>Medium:</strong> 600 GB unformatted HD</p></td></tr><tr><td>Network</td><td>Reserved IP for each node</td><td>If deploying an ingestion mesh, please also reserve an IP for the software load balancer</td></tr><tr><td>Firewall Ports</td><td>Remote Management</td><td>Please ensure that your firewall allows the Ingestion Appliance(s) to communicate <em><strong>outbound</strong></em> on UDP/9993</td></tr><tr><td>Firewall Whitelisting</td><td>Node Health and Management</td><td><p>Please allow the nodes access to the following FQDNs on TCP/443:<br></p>Abnormal Email Securityhttps://kb.solcyber.com/data-pipeline-management-setup-guides/abnormal-email-security/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/abnormal-email-security/<h2 id="step-1-access-abnormal-security-platform">Step 1: Access Abnormal Security Platform <a href="#step-1-access-abnormal-security-platform" id="step-1-access-abnormal-security-platform"></a><a class="anchor" href="#step-1-access-abnormal-security-platform">#</a></h2> <ol> <li><strong>Log in to Abnormal Security Dashboard:</strong> <ul> <li>Navigate to your Abnormal Security Management Dashboard.</li> <li>Go to Settings > API Access.</li> </ul> </li> <li><strong>Enable API Access:</strong> <ul> <li>Ensure API access is enabled for your organization.</li> <li>Verify that you have the necessary permissions to create API tokens.</li> </ul> </li> </ol> <h2 id="step-2-generate-api-credentials">Step 2: Generate API Credentials <a href="#step-2-generate-api-credentials" id="step-2-generate-api-credentials"></a><a class="anchor" href="#step-2-generate-api-credentials">#</a></h2> <ol> <li><strong>Create API Token:</strong> <ul> <li>Navigate to Settings > API Access in your Abnormal Security dashboard.</li> <li>Click “Generate New Token” or “Create API Key”.</li> <li>Enter a descriptive name for the token (e.g., “SolCyber Integration”).</li> <li>Select the appropriate permissions for threat data access: <ul> <li><code>threats:read</code> - Read access to threat data</li> <li><code>threats:list</code> - List threats</li> <li><code>threats:get</code> - Get individual threat details</li> </ul> </li> </ul> </li> <li><strong>Note API Credentials:</strong> <ul> <li>Copy the <strong>API Base URL</strong> and <strong>Access Token</strong> from the API settings.</li> <li>These will be used in the SolCyber integration.</li> <li>Store the access token securely as it cannot be retrieved again. You will need to provide this information to SolCyber.</li> </ul> </li> </ol> <h2 id="step-3-configure-threat-data-access">Step 3: Configure Threat Data Access <a href="#step-3-configure-threat-data-access" id="step-3-configure-threat-data-access"></a><a class="anchor" href="#step-3-configure-threat-data-access">#</a></h2> <ol> <li><strong>Set up Threat Data Permissions:</strong> <ul> <li>Ensure your API token has access to the threat data you want to ingest.</li> <li>Verify that threat data is being generated and is accessible via the API.</li> </ul> </li> <li><strong>Test API Connectivity:</strong> <ul> <li>Use <strong>Postman</strong> or <strong>cURL</strong> to test API requests to Abnormal Security.</li> <li>Verify that you can successfully retrieve threat data using your credentials.</li> </ul> </li> </ol> <h2 id="step-4-network-configuration">Step 4: Network Configuration <a href="#step-4-network-configuration" id="step-4-network-configuration"></a><a class="anchor" href="#step-4-network-configuration">#</a></h2> <ol> <li><strong>Whitelist Databahn IPs:</strong> <ul> <li>Add Databahn’s IP addresses to your Abnormal Security tenant’s allowed IPs if IP restrictions are enabled.</li> <li>Contact Databahn support for the specific IP ranges.</li> </ul> </li> <li><strong>Configure Rate Limits:</strong> <ul> <li>Review and adjust API rate limits if necessary to accommodate your data ingestion needs.</li> </ul> </li> </ol> <blockquote class='book-hint note' ><div class="kb-alert-icon" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg></div><div class="kb-alert-body"> <p><strong>Abnormal Security Integration Reference</strong></p>Cisco Duohttps://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-duo/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-duo/<blockquote class='book-hint note' ><div class="kb-alert-icon" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg></div><div class="kb-alert-body"> <p>Note that only administrators with the <a href="https://duo.com/docs/admin-roles">Owner</a> role can create or modify an Admin API application in the Duo Admin Panel.</p> </div> </blockquote> <p>Ingestion of the following types of DUO logs is supported:</p> <ul> <li>Duo Security Administrator</li> <li>Duo Security Authentication</li> </ul> <ol> <li>Log in to the <a href="https://admin.duosecurity.com/">Duo Admin Panel</a> and navigate to <strong>Applications</strong>.</li> <li>Click <strong>Protect an Application</strong> and locate the entry for <strong>Admin API</strong> in the applications list. Click <strong>Protect</strong> to the far-right to configure the application and get your <strong>integration key, secret key, and API hostname</strong>. You’ll need to provide these credentials to SolCyber via onetimesecret.com or other secure methods. </li> <li>The required permissions are: <ul> <li>Grant read log</li> <li>Grant read information</li> <li>Grant read resource</li> </ul> </li> </ol>Cisco Umbrellahttps://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-umbrella/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-umbrella/<p>To facilitate log export to a SIEM, you must configure Umbrella logs to be stored in an AWS S3 bucket. We strongly recommend the use of your own S3 bucket, as the Cisco-managed option will have it’s token reset every 90-days.</p> <h2 id="create-an-s3-bucket">Create an S3 Bucket<a class="anchor" href="#create-an-s3-bucket">#</a></h2> <p>When you set up your Amazon S3 bucket, you must add a bucket policy which accept uploads from Umbrella. Copy the following preconfigured JSON and substitute your S3 bucket name for <code>bucketname</code>. Then, paste the Umbrella S3 bucket policy into your Amazon S3 bucket policy.</p>Cisco Meraki Firewallhttps://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-meraki-firewall/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/cisco-meraki-firewall/<ul> <li> <p>Go to <strong>Network-wide</strong> > <strong>Configure</strong> > <strong>General</strong>.</p> </li> <li> <p>Click <strong>Add a syslog server</strong> to define a new server. </p> <p><img src="https://documentation-be.securonix.com/bundle/securonix-cloud-user-guide/page/content/resources/images/imported/cisco_meraki/1.png?_LANG=enus" alt="" /></p> <ul> <li><strong>Server IP</strong>: The Datahan Collector IP address.</li> <li><strong>Port:</strong> The SolCyber team will specify the port to use.</li> <li><strong>Roles:</strong> The roles to send to the server.</li> </ul> </li> <li> <p>Choose the type of events to export:</p> <ul> <li><strong>Event Log</strong>: The messages from the dashboard under Monitor > Event Log.</li> <li><strong>Flows</strong>: Inbound and outbound traffic flow-generated syslog messages that include the source, destination, and port numbers.</li> <li><strong>URL:</strong> HTTP GET requests generating syslog entries.</li> </ul> </li> </ul>Fortinet Fortigate Firewallhttps://kb.solcyber.com/data-pipeline-management-setup-guides/fortinet-fortigate-firewall/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/fortinet-fortigate-firewall/Microsoft Azure Security Centerhttps://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-azure-security-center/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-azure-security-center/<ol> <li>Open the <strong>Azure Active Directory</strong> resource in the Azure Portal.</li> <li>Click <strong>App registrations</strong> > <strong>New Registration</strong>.</li> </ol> <figure><img src="https://kb.solcyber.com/assets/Defender_image_1.png" alt=""><figcaption></figcaption></figure> <ol> <li> <p>Provide a name, and select the account scope to Single tenant.</p> </li> <li> <p>Click <strong>Register</strong>.</p> </li> <li> <p>Click on the new application created on the App registration screen.</p> </li> <li> <p>Copy the <strong>Client ID</strong> and <strong>Tenant ID</strong>, and then click <strong>View API permissions</strong>.</p> <figure><img src="https://images.gitbook.com/__img/dpr=2,width=1168,onerror=redirect,format=auto,signature=-1575248681/https%3A%2F%2Fdocumentation-be.securonix.com%2Fbundle%2Fsecuronix-cloud-user-guide%2Fpage%2Fcontent%2Fresources%2Fimages%2Factive-deployment-guides%2Fmicrosoft%2Fazure-identity-protection-2.png%3F_LANG%3Denus" alt=""><figcaption></figcaption></figure> </li> <li> <p>Click <strong>Add a permission</strong>, and then click the <strong>Microsoft Graph API</strong>.</p> <figure><img src="https://images.gitbook.com/__img/dpr=2,width=1168,onerror=redirect,format=auto,signature=-996502312/https%3A%2F%2Fdocumentation-be.securonix.com%2Fbundle%2Fsecuronix-cloud-user-guide%2Fpage%2Fcontent%2Fresources%2Fimages%2Factive-deployment-guides%2Fmicrosoft%2Fazure-identity-protection-3.png%3F_LANG%3Denus" alt=""><figcaption></figcaption></figure> </li> <li> <p>Click <strong>Application permissions</strong>, search for SecurityEvents, and then select <strong>SecurityEvents.Read.All</strong>.</p>Microsoft EntraID Eventshttps://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-entraid-events/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-entraid-events/<ul> <li>Login to <strong>Azure</strong> portal.</li> <li>Locate <strong>App registrations</strong> using the <strong>Search</strong> bar from <strong>Dashboard</strong>.</li> </ul> <p><img src="https://kb.solcyber.com/assets/image%20%28188%29.png" alt="" /></p> <ul> <li>Click <strong>New Registration</strong> from the <strong>App registrations</strong> screen to register an application.</li> </ul> <p><img src="https://kb.solcyber.com/assets/image%20%2868%29.png" alt="" /></p> <ul> <li>Provide the following details in the <strong>Register an application</strong> screen:</li> <li><strong>Name</strong>: SolCyber AzureAD Users</li> <li><strong>Supported account Types</strong>: Select the <strong>Accounts in this organizational directory only</strong> option.</li> <li>Click <strong>Register</strong>.</li> <li>Make a copy of <strong>Application (client ID)</strong> and <strong>Directory (tenant ID)</strong> for the application from the Application screen.</li> </ul> <figure><img src="https://kb.solcyber.com/assets/Gemini_Generated_Image_s8w124s8w124s8w1.png" alt=""><figcaption></figcaption></figure> <ul> <li>Click <strong>API Permission</strong>.</li> </ul> <figure><img src="https://kb.solcyber.com/assets/Gemini_Generated_Image_uurhv5uurhv5uurh.png" alt=""><figcaption></figcaption></figure> <ul> <li>Click <strong>Add a permission</strong>. A new <strong>Request API Permissions</strong> screen is displayed.</li> <li>Select <strong>Microsoft Graph</strong> from the <strong>Request API permissions</strong> screen.</li> </ul> <p><img src="https://kb.solcyber.com/assets/image%20%28198%29.png" alt="" /></p>Office 365 (Azure AD, Exchange, SharePoint, General)https://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-office365/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/microsoft-office365/<p>Log in to the <a href="https://portal.azure.com/">Azure portal</a> as an admin and search for <strong>App registrations</strong> in the top search bar.</p> <p><img src="https://2315849798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M_RDtNLnj4J3_rcbkr7%2Fuploads%2FDGec89J7JiRXcSmbr6xY%2Fimage.png?alt=media%5c&token=295f1a11-ea9b-46ad-950e-7103e8b7f8c0" alt="" /></p> <p>Click <strong>+ New registration</strong>.</p> <p><img src="https://2315849798-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M_RDtNLnj4J3_rcbkr7%2Fuploads%2FWLRlyst59pmwinEPmOQQ%2Fimage.png?alt=media%5c&token=bd5b3e6b-6cf5-4044-88c6-2016ba7399df" alt="" /></p> <p>Enter the following details on the <strong>Register an application</strong> page:</p> <ul> <li><strong>Name</strong>: SolCyber-O365</li> <li><strong>Supported account types</strong>: Accounts in this organizational directory only (Single Tenant)</li> </ul> <figure><img src="https://kb.solcyber.com/assets/O365_image_2.png" alt=""><figcaption></figcaption></figure> <p>Click <strong>Register</strong>. You will be redirected to the new application overview screen.</p> <blockquote class='book-hint note' ><div class="kb-alert-icon" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg></div><div class="kb-alert-body"> <p>Copy the Application (client) ID and Directory (tenant) ID. You will need to provide these to SolCyber.</p>Palo Alto Firewallhttps://kb.solcyber.com/data-pipeline-management-setup-guides/palo-alto-firewall/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/palo-alto-firewall/<h2 id="step-1-create-a-syslog-server-profile">Step 1. Create a Syslog Server Profile <a href="#step-1-create-a-syslog-server-profile" id="step-1-create-a-syslog-server-profile"></a><a class="anchor" href="#step-1-create-a-syslog-server-profile">#</a></h2> <ol> <li> <p>Navigate to:<br> <strong>Device > Server Profiles > Syslog</strong></p> <figure><img src="https://app.cp-us01-prod01-aws.databahn.app/help/assets/images/palo_1-008fdb5350c985a052853d964349a4d0.png" alt=""><figcaption></figcaption></figure> </li> <li> <p>Configure the following:</p> <ul> <li> <p><strong>Syslog Name</strong>:<br> Enter a name for the syslog profile (up to 31 characters).<br> The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.</p> </li> <li> <p><strong>Name</strong>:<br> Click <strong>Add</strong> and enter a name for the syslog server (up to 31 characters).<br> The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.</p>Qualys Vulnerability Managementhttps://kb.solcyber.com/data-pipeline-management-setup-guides/qualys-vulnerability-management/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/qualys-vulnerability-management/<ol> <li><strong>Log into Qualys Console:</strong> <ul> <li>Navigate to your Qualys Security Operations Center (SOC)</li> <li>Sign in with your administrative credentials</li> </ul> </li> <li><strong>Create Service Account:</strong> <ul> <li>Go to <strong>Users</strong> > <strong>Users</strong></li> <li>Click <strong>New</strong> > <strong>User</strong></li> <li>Provide username and strong password</li> <li>While creating the new user: <ul> <li>Assign the user a <strong>Manager</strong> role.</li> <li>Open the User Role side tab.</li> <li>From the role drop-down, select <strong>Manager</strong>.</li> <li>Enable the option for API access so the role supports API usage.</li> </ul> </li> <li>Complete the user creation process and save the user.</li> </ul> </li> </ol> <blockquote class='book-hint note' ><div class="kb-alert-icon" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg></div><div class="kb-alert-body"> <p>You will need to provide the following information to SolCyber:</p>Sailpointhttps://kb.solcyber.com/data-pipeline-management-setup-guides/sailpoint/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/sailpoint/<h2 id="step-1-create-sailpoint-application">Step 1: Create Sailpoint Application <a href="#step-1-create-sailpoint-application" id="step-1-create-sailpoint-application"></a><a class="anchor" href="#step-1-create-sailpoint-application">#</a></h2> <ol> <li><strong>Log in to Sailpoint IdentityNow:</strong> <ul> <li>Navigate to your Sailpoint IdentityNow tenant.</li> <li>Go to Admin > Applications.</li> </ul> </li> <li><strong>Create New Application:</strong> <ul> <li>Click “Create Application”.</li> <li>Enter a name for your application (e.g., “SolcyberIntegration”).</li> <li>Select “OAuth Client” as the application type.</li> <li>Click “Create”.</li> </ul> </li> </ol> <h2 id="step-2-configure-application-settings">Step 2: Configure Application Settings <a href="#step-2-configure-application-settings" id="step-2-configure-application-settings"></a><a class="anchor" href="#step-2-configure-application-settings">#</a></h2> <ol> <li><strong>Grant API Access:</strong> <ul> <li>In the “OAuth Scopes” section of your application, enable the following scopes: <ul> <li><code>sp:scopes:default</code></li> <li><code>sp:read:audit-events</code></li> <li><code>sp:read:activity-events</code></li> <li><code>sp:read:account-activity</code></li> <li><code>sp:read:tenant-settings</code></li> </ul> </li> </ul> </li> <li><strong>Note Application Credentials:</strong> <ul> <li>Copy the <strong>Client ID</strong> and <strong>Client Secret</strong> from the application settings.</li> <li>Note your <strong>Base URL</strong> (e.g., <code>https://your-tenant.identitynow.com</code>).</li> <li><em><strong>You will need to provide this information to SolCyber</strong></em>.</li> </ul> </li> </ol> <h2 id="step-3-configure-log-collection">Step 3: Configure Log Collection <a href="#step-3-configure-log-collection" id="step-3-configure-log-collection"></a><a class="anchor" href="#step-3-configure-log-collection">#</a></h2> <ol> <li><strong>Enable Audit Logging:</strong> <ul> <li>Go to Admin > Audit Configuration in your Sailpoint IdentityNow tenant.</li> <li>Ensure audit logging is enabled for the following events: <ul> <li>Authentication events</li> <li>Authorization events</li> <li>User management events</li> <li>Role and permission changes</li> <li>Access reviews and certifications</li> </ul> </li> </ul> </li> <li><strong>Configure Activity Logging:</strong> <ul> <li>Go to Admin > Activity Configuration.</li> <li>Enable activity logging for: <ul> <li>User login/logout events</li> <li>Application access events</li> <li>Data access events</li> <li>Administrative actions</li> </ul> </li> </ul> </li> <li><strong>Configure Account Activity Logging:</strong> <ul> <li>Go to Admin > Account Activity Configuration.</li> <li>Enable account activity logging for: <ul> <li>Account provisioning and deprovisioning events</li> <li>Account attribute changes</li> <li>Account status changes</li> <li>Account access and modification events</li> </ul> </li> </ul> </li> </ol> <h2 id="step-4-network-configuration">Step 4: Network Configuration <a href="#step-4-network-configuration" id="step-4-network-configuration"></a><a class="anchor" href="#step-4-network-configuration">#</a></h2> <ol> <li><strong>Whitelist Databahn IPs:</strong> <ul> <li>Add Databahn’s IP addresses to your Sailpoint tenant’s allowed IPs if IP restrictions are enabled: <ul> <li>3.229.112.66</li> <li>3.223.27.127</li> <li>52.201.54.124</li> <li>52.203.151.207</li> </ul> </li> </ul> </li> <li><strong>Configure CORS (if needed):</strong> <ul> <li>If using web-based authentication flows, ensure CORS is properly configured.</li> </ul> </li> </ol> <blockquote class='book-hint note' ><div class="kb-alert-icon" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg></div><div class="kb-alert-body"> <p><strong>Sailpoint Integration Reference</strong></p>Zscaler ZPAhttps://kb.solcyber.com/data-pipeline-management-setup-guides/zscaler-zpa/Mon, 01 Jan 0001 00:00:00 +0000https://kb.solcyber.com/data-pipeline-management-setup-guides/zscaler-zpa/<ul> <li>Go to <strong>Configuration & Control</strong> > <strong>Private Infrastructure</strong> > <strong>Log Streaming Service</strong> > <strong>Log Receivers</strong>.</li> <li>Click <strong>Add Log Receiver</strong>. The Add Log Receiver window appears.</li> <li>In the Add Log Receiver window, configure the following tabs:</li> </ul> <figure><img src="https://kb.solcyber.com/assets/unknown.png" alt=""><figcaption></figcaption></figure> <p><strong>Log Receiver</strong></p> <p>On the Log Receiver tab:</p> <ul> <li><strong>Name:</strong> Enter a name for the log receiver. The name cannot contain special characters, with the exception of periods (.), hyphens (-), and underscores ( _ ).</li> <li><strong>Description:</strong> Optional.</li> <li><strong>Domain or IP Address:</strong> Enter IP address for the log receiver.</li> <li><strong>TCP Port:</strong> Enter the TCP port number provided by SolCyber.</li> <li><strong>TLS Encryption:</strong> Select DISABLED.</li> <li><strong>App Connector Groups:</strong> Choose the App Connector groups that can forward logs to the receiver, and click <strong>Done</strong>.</li> </ul> <p>Click <strong>Next</strong>.</p>