The Safed agent can be configured via https and send its collected logs to the log collector though a TLS connection. The latest released version – 1.9.1 – supports TLS 1.2 (at a minimum) and TLS 1.3.
The first step is to upload the private key, the local certificate and the CA certificate to the machine on which Safed is installed. You can copy them manually to the configuration directory of Safed. It is also quite easy to do that using an embedded web server.
The second step is to enable secure communication via TLS between the Safed agent and a log collector such as NetEye.
The third step is to configure Safed’s embedded web server to accept https connections.
Once the configuration has been changed, it should be applied using the dedicated menu item “Apply the Latest Audit Configuration”. From this point on, Safed will be reachable through https…
… and it will send collected messages through the TLS connection.