The edr.minervalabs.events tag is used to identify all log events generated by the Minerva Labs Anti-Evasion Platform.
...
Source Port → 13007
Target Tag → edr.minervalabs.events
Select the Stop Processing and Sent without syslog tag checkboxes
...
Click Add Rule to save and activate the rule. Now the relay is ready to receive the Minerva Labs events.
Forward events from Minerva Anti-Evasion Platform to the Devo relay
Logs should be sent via syslog in CEF format.
Login into your Minerva Management Console.
Click the Administration page in the Navigation Panel.
Click the Forwarding tab.
Select the syslog checkbox to enable syslog forwarding. Then set the server address and port. This will be the IP address of your Devo relay and the port you specified when setting up the relay rule.