SIEM Integration Guide: Zuora

 

Background

Background

SIEM technology provides the ability to take information from multiple security tools and create rules that allow the data to be managed in a single space, analyzing them for correlations in real-time.

For this strategy to be effective, however, the security products used by the organization must be able to synchronize with a SIEM and forward the relevant logs. While some SIEMs have made sure firewalls, antivirus software, security products, servers, and databases are able to be integrated within their technology, there are still many tools that are falling through the cracks, which can affect an organization’s ability to properly secure its network.

CYREBRO SIEM Integration Scripts

CYREBRO SIEM Integration Scripts

This guide provides you with clear steps to successfully integrate Zuora with any SIEM system to enable log forwarding. It’s meant for information security and IT administrators or any other team with direct access to the systems relevant to applying the configurations presented in the guide.

CYREBRO’s intention in creating this and similar guides is to increase accessibility within the cybersecurity solutions market. Organizations can use the guides to create seamless log ingestion from any system to any SIEM based on any API documentation.

Zuora Log Forwarding Steps

Zuora Log Forwarding Steps

  1. Log into Zuora Web Security Cloud.   
  2. Create a dedicated user for making API calls. This step must be performed by a Zuora administrator of your organization, and the user should be connected to an internal email address. 
  3. Create an OAuth client for the user. In Zuora, navigate to Settings > Administration > Manage Users and click the username (in hypertext) that is created in step 1.  
  4. In the New OAuth Client section on the user profile page, enter a client name, and click create. A new window will open showing the client ID and client secret.

  5. Connection: 
    •  Manual connection: Download the package code and implement it into the internal server, then follow the “README file” instructions. (Through the package, add the client ID and client secret into the config file.) 
    •  For serverless connection: Learn more