Forwarding is set up in the InTrust Deployment Manager:
- Open the Deployment Manager and right click on the collection that you wish to forward to a SIEM solution.
- Select Edit Collection
- Click Next until you reach the Data Sources and Repository page.
- Click the browse button to the right of the Selected Repository.
- Select the Repository and click the Edit button.
- If using a shared repository for all collections you will be presented with a Warning: 'There are other collections (listed below) that use the 'selected repository name' repository. Further changes will apply to all these collections. Continue anyway? Click yes if you want the change to apply to all collections.
- If using a dedicated repository for the one collection proceed to the Forwarding tab.
- Enable the Forwarding and provide the following details:
The following options control how forwarding is performed:
- Destination host—The host that listens for forwarded messages
- Port—The port that the destination host uses for listening
- Message encoding—by default, Western European is used
- Message format—The format in which data is expected on the receiving end; see Data Conversion Formats 'InTrust 10.7 ChangeAuditor Integration Guide for details.