Event Forwarding - Rules and Destinations

After you configure destination(s) for an external analytics platform, you can review, edit, delete, and search for them in the Manage Destinations window. Then you must create a forwarding rule with this destination.

Managing Destinations

To review destinations:

In the Manage Destinations window, on the left pane, select the name of the destination. The right pane shows the settings for the destination and the rules that use the destination.

To edit destinations:

1. In the Destinations window, on the left pane, select the destination's name.

2. Click the edit icon .

   The Edit Destination window opens.

3. Change the settings as necessary.

4. Click Apply.

5. Click Close.

To delete a destination:

1. In the Manage Destinations window, on the left pane, select the destination's name.

2. Make sure that no rule uses this destination. A destination cannot be deleted if it corresponds to a rule.

   If there is no destination configured with the Used by Rule, then the right pane is empty. If some rules use the destination, replace the destination or delete the rules.

3. Click the delete icon.

To search for a destination:

1. In the Manage Destinations window, in the search field, start to enter the destination's name.

   A list of destinations opens.

2. Click the destination to see more details about the configuration.

3. To exit, click Close.

Managing Forwarding Rules

On the Event Forwarding page, Forwarding Rules show the rule name, the services from which you forward data, and the name of the destination to which you forward the data.

The calculation of the forwarded data depends on the selected services:

• When you select a specific service (for example, Harmony SaaS Software as a Service (SaaS) - An application delivered over the Internet by a provider. The application doesn’t have to be purchased, installed, or run on users’ computers. SaaS providers were previously referred to as ASPs (application service providers).), the Infinity Portal calculates the expected data usage in gigabytes based on this service.

• When you select All services, Infinity Portal calculates the total expected data usage by summing up the data consumption of all available services in this account (for example, Harmony Mobile, Quantum Security Management, and Policy).

The calculated GB value is displayed next to the selected service(s) in parentheses.

For example, if you select only the SaaS service, the Infinity Portal shows the expected data usage for SaaS. If additional services are selected, the Infinity Portal updates the calculation to reflect the combined data usage of the selected services.

To add a new forwarding rule:

1. Click Add Rule.

2. In the New Forwarding Rule window, enter these details:

   1. Rule Name - Enter a distinctive name

   2. Destination - Select one of the configured destinations.

   3. Format:

      • For Pull, JSON is the only available format

      • For Push, select Syslog, LEEF, or CEF

   4. Services - Select one of these:

      • All (XGB/day) - The expected amount of exported event logs for all services for one day.

      • Specific services (XGB/day) - The expected amount of exported events for selected services for one day. Select each of the services from which you forward the data. The consumption depends on the selected services.

        Note - Harmony Endpoint data does not include Threat Hunting data, which can accumulate a large amount of events. If you require this data to be included, click Include Threat Hunting data and make sure that your contract capacity includes these provisions. For more information, see sk182879 - Infinity Portal Event Forwarding - Troubleshooting.

3. Click Create.

To edit a forwarding rule:

Put the cursor on the rule and click , then select Edit. Change the rule settings as necessary.

To delete a forwarding rule:

Put the cursor on the rule and click , then select Delete.