Configure ThreatDown Nebula for Arctic Wolf monitoring

You can configure ThreatDown Nebula® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

  • A ThreatDown Nebula admin account

Create OAuth2 credentials

  1. Sign in to the ThreatDown Nebula dashboard.
  2. In the navigation pane, click Integrate.
  3. Click Add client.
  4. In the Create Client window, enter an Application name.
  5. Select the Read checkbox.
  6. Click Save.
  7. In the OAuth client window, copy your client ID and client secret to a safe, encrypted location to provide to Arctic Wolf later.
    Note:
  8. Click OK.

Obtain your customer account ID

  1. Sign in to the ThreatDown Nebula dashboard.
  2. Navigate to the URL in your browser to identify your customer account ID value.

    Your customer account ID is embedded in the URL, in the format: https://cloud.threatdown.com/customer_account_ID/dashboard/.

  3. Copy your customer account ID, and then save it in a safe, encrypted location to provide to Arctic Wolf later.

Provide ThreatDown Nebula credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click ThreatDown.
  5. Configure these settings:
  6. Click Test and submit credentials.