AZS - MF - SEPM - Deploy - Configuration - 1.0
Revision History
Version | Author | Date | Revision
Draft | Joshua Rains | 12/16/2019 | Initial content
1 Introduction
1.2 Prerequisites
1.3 Context
3 Troubleshooting
4 Appendix
If you are currently sending logs to RSA NetWitness, you will need to adopt a hard cutover as part
of the transition to Azure Sentinel. The KAS-R appliance will replace the RSA RLC for log
collection and will take over the current IP address of the RSA RLC, so no additional steps from
this guide are required for logs to be sent to the KAS-R.
For devices not currently logging to an RSA RLC, follow the steps below to configure
SEPM to send logs to Azure Sentinel.
1.2 Prerequisites
1.3 Context
Service | Description
KAS-R | This stands for KPMG Azure Sentinel Remote log collector
Log Analytics | This is the service that stores log data and is leveraged by Azure Sentinel as its data source.
Client Logs
Field | Value
Syslog Server | IP address of the KAS-R Appliance
Destination Port | TCP, 514
Log Facility | 23
Export Logs to a Dump File | Unchecked
— Client Logs:
Field | Value
Client Activity Log | Checked and Select: Fatal, Error, Warning, Info
Security Log | Checked and Select: Critical, Major
Traffic Log | Checked and Select: Critical, Major
Packet Log | Unchecked
Control Log | Unchecked
Scan Log | Unchecked
Risk Log | Check
SONAR Protection Log | Unchecked
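An added example, not part of the original guide: a collector-side check that messages arriving on the TCP 514 listener carry the Log Facility 23 configured above. Syslog encodes facility and severity in the leading <PRI> value as facility × 8 + severity, so facility 23 appears as <184> through <191>. The sample bytes, host name and function names are constructed for illustration, and the real SEPM message body is not modelled.

```python
import re

EXPECTED_FACILITY = 23  # "Log Facility" value from the settings table (local7)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def split_frames(stream: bytes):
    """Split a TCP syslog stream into messages: octet-counted ("LEN SP MSG")
    or LF-terminated framing, the two forms described in RFC 6587."""
    frames, i = [], 0
    while i < len(stream):
        m = re.match(rb"([1-9]\d*) ", stream[i:i + 12])
        if m:  # octet-counted frame
            start, n = i + m.end(), int(m.group(1))
            frames.append(stream[start:start + n])
            i = start + n
        else:  # LF-terminated frame; skip empty lines
            end = stream.find(b"\n", i)
            end = len(stream) if end == -1 else end
            if end > i:
                frames.append(stream[i:end])
            i = end + 1
    return frames

def decode_pri(msg: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = re.match(rb"<(\d{1,3})>", msg)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity

def audit(stream: bytes):
    """Sort messages into accepted (severity, msg) and rejected (msg, reason)."""
    ok, rejected = [], []
    for msg in split_frames(stream):
        pri = decode_pri(msg)
        if pri is None:
            rejected.append((msg, "missing or invalid PRI"))
        elif pri[0] != EXPECTED_FACILITY:
            rejected.append((msg, f"facility {pri[0]}, expected {EXPECTED_FACILITY}"))
        else:
            ok.append((SEVERITIES[pri[1]], msg))
    return ok, rejected

# Constructed sample stream (not real SEPM output); host name is made up.
_counted = b"<187>Jan 10 10:00:02 sepm01 constructed line 4"
SAMPLE = (b"<190>Jan 10 10:00:00 sepm01 constructed line 1\n"
          b"<134>Jan 10 10:00:01 sepm01 constructed line 2\n"
          b"constructed line 3 without a PRI\n"
          + str(len(_counted)).encode() + b" " + _counted)
```

Calling `audit(SAMPLE)` accepts lines 1 and 4 and rejects line 2 (facility 16) and line 3 (no PRI).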
Please contact GO-FM IMSS Onboarding for any issues that you have during configuration
of the data source to send logs to the KAS-R Appliance.
Andrew Burgess
Global Head of Platform Security
T +44 207 3113218
E Andrew.Burgess2@KPMG.co.uk
Brian T. Geffert
Global Chief Information Security Officer
T +1 703 286 8055
E bgeffert@kpmg.com
www.kpmg.com
© 2020 KPMG International Cooperative ("KPMG International"), a Swiss entity. Member firms of the
KPMG network of independent firms are affiliated with KPMG International. KPMG International provides
no services to clients. No member firm has any authority to obligate or bind KPMG International or any
other member firm vis-à-vis third parties, nor does KPMG International have any such authority to
obligate or bind any member firm. All rights reserved.
The information contained herein is of a general nature and is not intended to address the circumstances
of any particular individual or entity. Although we endeavour to provide accurate and timely information,
there can be no guarantee that such information is accurate as of the date it is received or that it will
continue to be accurate in the future. No one should act on such information without appropriate
professional advice after a thorough examination of the particular situation.