Share logs to SIEM solutions
  • Overview

About Sharing logs to SIEM solutions

Citrix provides a powershell script that can be used to generate a json file, containting all the relevant events. This json file then can be consumed by your prefered SIEM solution.

Powershell script

Download script

The powershell script can be found here

Create Secure Client

In order to run the script, you will need to create a Secure Client that will give you access to the Citrix APIs. You can follow these instructions on how to create one.

Arguments

The script takes the following as input:

  • customer This is your Citrix Cloud Customer Id
  • clientId and clientSecret These are the secrets you got when you created your secure client. See Create Secure Client
  • timeRange The selected time range. The supported formats are “yyy-MM-dd’T’HH:mm:ss,yyy-MM-dd’T’HH:mm:ss” or “{number of minutes}m”, “{number of hours}h” or “{number of days}d”. For example, 1h will return logs for last one hour.
  • outFile The path to the file where the result will be saved

### Example run

Import-Module .\CitrixSecurePrivateAccessLogs.psm1 -Force

$customer="customerid"
$clientId="clientid"
$clientSecret="secret"

$outFile="./logs.json"
$timeRange="7d"

$secureString = convertto-securestring $clientSecret -asplaintext -force
Get-CitrixSecurePrivateAccessLogsforSIEM -customer $customer -clientId $clientId -clientSecret $secureString -timeRange $timeRange -outFile $outFile
<!--NeedCopy-->
About Sharing logs to SIEM solutions