McAfee SIEM Device Support

Transcription

1 McAfee SIEM Device Support By Vendor Vendor Device Name Device Type Supported Logs A10 Networks Load Balancer (AX Series) Load Balancer ASP Syslog Adtran NetVanta Network Switches & Routers ASP Syslog Airdefense Airdefense Network Switches & Routers WIPS Alerts Java - Syslog Airtight Interactive Airtight Interactive Applications ASP Syslog Alcatel-Lucent InfoExpress ALLOW, DENY, EXIT, Authentication / Network Switches & Routers CyberGatekeeper LAN CGATE type only Java - Syslog UDP VitalQIP Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies ASP Apache Software Applications / Host / Server / Operating Java - Local files; Apache Access Logs only Foundation Systems / Web Content / Filtering / Proxies syslog UDP Apache Applications / Host / Server / Operating Access, Error and Systems / Web Content / Filtering / Proxies ModSecurity Logs ASP - Syslog Arbor Arbor Peakflow DoS/SP Network Switches & Routers Access, Error and ModSecurity Logs Java - Syslog UDP Arbor Peakflow X Network Switches & Routers Network Behavior Alerts Java - Syslog UDP Arbor Peakflow X Network Switches & Routers Network Behavior Alerts Aruba Aruba Wireless Access Points Custom Aruba Barracuda Barracuda SPAM Filter Security Appliances / UTMs Barracuda SPAM Filter Messages Barracuda Web Barracuda Web Filter Security Appliances / UTMs Security Gateways Messages Bit9 Bit9 Parity Suite Applications CEF Blue Coat Blue Coat SG Series Web Content / Filtering / Proxies Proxy and System Log Java - Syslog TCP Blue Coat SG Series Web Content / Filtering / Proxies Access Log ASP Syslog UDP Blue Lance BlueLance LT Auditor + Java - SQL Server Applications Netware Auditing for Novell Netware database

2 Vendor Device Name Device Type Supported Logs Blue Martini Blue Martini Application Code Based Blue Ridge BoarderGuard 5000 & 6000 Series Bradford Bradford Campus Manager NAC / Network Switches & Routers ASP Syslog Brocade Foundry BigIron, FastIron Foundary Syslog Network Switches & Routers and NetIron Messages IronView Network Manager NAC / Network Switches & Routers ASP Syslog CA CA Datacom Mainframe Nitro Plugin Protocol Identity & Access Management IAM / IDM Nitro Plugin Protocol Check Point Check Point Edge W32 & Firewall WU OPSEC Check Point Enterprise & Firewall Enterprise Pro OPSEC Check Point Express Firewall OPSEC Check Point FW-1 Limited Firewall OPSEC Check Point FW1, NG, NGX Standard Firewall OPSEC Check Point Smart Center Enterprise Pro Firewall OPSEC Check Point IPS-1 Sensory (formerly NFR Alerts Nitro Plugin Protocol Network Flight Recorder) Check Point HA VPN-1 Virtual Private Networks OPSEC Check Point VPN Pro Virtual Private Networks OPSEC Check Point VPN-1 Edge Virtual Private Networks OPSEC Check Point VPN-1 Express Virtual Private Networks OPSEC SmartEvent Firewall OPSEC

3 Cisco Cisco CSS (Content Services Switches) Other Cisco SDEE Application Protocol ASP - SDEE TACACS+ Authentication ASP Syslog TACPlus Authentication Tacplus messages Java Syslog UDP Cisco ASA Firewall %ASA messages Java - Syslog UDP Cisco ASA Firewall ASA messages ASP Syslog UDP Cisco EAP Java - Syslog UDP Cisco Firewall & Service Module Firewall FWSM messages Java - Syslog UDP Cisco PIX Firewall PIX messages Java - Syslog UDP Cisco PIX IDS Firewall / IDS messages only Java - Syslog UDP Cisco PIX and PIX IDS Firewall / PIX and IDS messages ASP Syslog UDP Cisco IOS ACL, IOS FW, Firewall / / Network %SEC, %FW only, %IDS IOS IDS Switches & Routers only Cisco IOS Firewall Firewall / Network Switches & Routers %FW only Java - Syslog UDP Cisco CSA Host / Server / Operating System / CSA Events SQL/Text %(CONTROLLER LINK OSPF LINEP CATOS Host / Server / Operating Systems / ROTO DVLAN FILESYS IP MGMT SEC Java - Syslog UDP Network Switches & Routers URITY SYS SEC NTT Login FW ) Messages %(CONTROLLER LINK OSPF LINEP CATOS Host / Server / Operating Systems / ROTO DVLAN FILESYS IP MGMT SEC Network Switches & Routers URITY SYS SEC NTT Login FW ) Messages Failed/Passed/Radius Cisco ACS Accounting/TACACS ASP Syslog UDP Accounting & Administration Cisco Guard ASP Syslog UDP Cisco IDS IDS messages only SDEE Cisco IDSM SDEE Cisco IPS SDEE Cisco IOS IDS / Network Switches & Routers %IDS only Cisco IOS IPS / Network Switches & Routers IPS Alerts, DUAL, PFINIT- SP, HSRP

4 Cisco Cisco NAC Appliance (Clean Access) NAC / Network Switches & Routers ASP Syslog Cisco NAC Appliance (Clean Access) NAC / Network Switches & Routers NAC Only Java - HTTP based requests NetFlow (Generic) Network Flow Collection ASP - Nitro Netflow Collector Aaa, Arp, Auth, Authpriv, cert-enroll, dhcp_snoop, fs-daemon, Fspf, ftp, Fwm, Im, interface-vlan, Ip, Ipconf, NX-OS (Nexus) / Network Switches & Routers Ipqos, Kernel, m2rib, Mail, Mfdm, Mfwd, Ntp, Port, port-channel, port-resources, Provision, Radius, Security, Snmpd, Sifmgr, spanning-tree, Syslog, Sysmgr, TACACS, TACACS+, Track, User, Uucp, vlan_mgr and zone ASP Syslog Cisco IOS ACL Network Switches & Routers %SEC only Java - Syslog UDP Cisco Wireless LAN Controllers Network Switches & Routers ASP Syslog Cisco MARS Security Management Incident Notification XMLs Java - (SMTP) Cisco VPN Concentrator Virtual Private Networks VPN messages Java - Syslog UDP Cisco VSM (VPN Switch Virtual Private Networks Blade) VPN messages Java - Syslog UDP Cisco Content Engine Web Content / Filtering / Proxies Proxy Logs Java - FTP Server on Receiver Cisco IronPort Web Content / Filtering / Proxies IronPort Syslog and Access Messages ASP - Syslog Citrix Citrix Secure Access Gateway Applications ASP Syslog Citrix NetScaler Web Content / Filtering / Proxies ASP Syslog Citrix NetScaler Web Web Content / Filtering / Proxies ASP Syslog Cluster Labs Pacemaker CRMD Applications ASP-Syslog Cooper Power Systems Cybectec Network Switches & Routers ASP Syslog Yukon IMS Applications ASP-Syslog CoreTrace CoreTrace Applications Bouncer Messages ASP Syslog CyberGuard CyberGuard (includes FS, SG, SL) Firewall FW messages Java - Syslog UDP Cyber-Ark Enterprise Password Vault Applications ASP Syslog

5 Dell PowerConnect Network Switches & Routers ASP Syslog EdgeWave iprism Web Security Web Content / Filtering / Proxies ASP Syslog eeye eeye Retina Vulnerability Systems data support eeye Retina Enterprise Vulnerability Systems Manager data support Enterasys Enterasys Dragon Java - MySQL database (TCP NIDS and HIDS Messages Sensor/Squire connection) N Series Switches Network Switches & Routers ASP Syslog NAC NAC/Network Switches & Routers ASP Syslog S Series Switches Network Switches & Routers ASP Syslog Extreme Networks ExtremeWare XOS NAC/Network Switches & Routers ASP Syslog F5 Access Policy Manager (APM) NAC/Network Switches & Routers ASP Syslog Application Security Manager (ASM) Web Content / Filtering / Proxies Nitro Plugin Protocol FirePass SSL VPN Virtual Private Network ASP Syslog Local Traffic Manager Web Content / Filtering / Proxies Fairwarning Fairwarning Privacy Monitoring Application Security Nitro Plugin Protocol FireEye FireEye Malware Protection Antivirus/Malware CEF Fluke Networks AirMagnet Enterprise Network Switches & Routers ASP Syslog Force10 Networks FTOS Network Routers & Switches ASP Syslog ForeScout CounterACT NAC/Network & Switches ASP Syslog Fortinet Fortinet Fortigate Firewall IPS, webfilter, spamfilter, event, traffic type messages Java - Syslog Fortinet Fortigate Firewall IPS, webfilter, spamfilter, event, traffic type messages ASP - Syslog Fortinet WAF Firewall ASP Syslog FreeRadius FreeRadius Authentication AUTH ASP Syslog Funkwerk PacketAlarm IPS IPS Alerts Java - Syslog UDP GTA GNAT Firewall ASP Syslog

6 HP HP-UX (Hewlett-Packard) Host / Server / Operating Systems ssh/telnet/ftp/rsh/inetd/sendm Java - Syslog UDP ail/syslogd/su LaserJet Printers ASP Syslog OpenVMS Operating Systems ASP - Syslog HP ProCurve Network Switches & Routers Procurve Syslog Messages Infoblox NIOS Applications ASP Syslog IBM Guardium Database Activity Monitoring ASP Syslog UDP I System Z DB2 Database DBM Agent x, 8.x, 9.x System Z DB2 Database Versions BSafe Agent RealSecure Network /Server ISS Real Secure Server Java - SQL Server database Host / Server / Operating Systems Sensor, Proventia A/G/M Sensor Series Applicances IBM AIX OS Host / Server / Operating Systems ssh/telnet/ftp/rsh/inetd/sendm Java - Syslog UDP ISS Desktop Protector ISS Real Secure Network Sensor Host / Server / Operating Systems / Other Other ail/syslogd/su BlackICE and Desktop Protection System RealSecure Network /Server Sensor, Proventia A/G/M Series Applicances Java - SQL Server database Java - SQL Server database ISS Site Protector Security Management RealSecure Network /Server Sensor, Proventia A/G/M Custom Text Series Applicances z/os, z/vm Mainframe SMF (System Management Facilities) Types 30, 14, 15, Nitro Plugin Protocol 17, 18, 56, 62, 64, 80 Tivoli Access Manager for Operating Systems Authentication Nitro Plugin Protocol Tivoli Identity & Access Manager IAM / IDM Nitro Plugin Protocol z/os, z/vm Mainframe RACF (Resource Access Control Facility Nitro Plugin Protocol Informix Database Imperva Database Activity Monitor Database Code Based Web Application Firewall Firewall Code Based Intersect Snare for Windows, Snare for SNARE Other iance AIX

7 IP Fix IP Fix Network Flow Collection Custom itron itron Enter Smart Grid Application ASP Syslog Juniper Juniper Netscreen System and Traffic Java - Syslog UDP OR ASP - Firewall Firewall notification messages Syslog Juniper Netscreen IDP 4.x via NSM Java - Syslog UDP OR ASP - Syslog Juniper Netscreen Security Manager Network Switches & Routers IDP, FW Java - Syslog UDP NSM Applications / Host / Server / Operating Systems ASP Juniper Routers (JunOS) Network Switches & Routers JunOS Messages Juniper Secure Access SSL VPN Virtual Private Networks Log/Monitoring Events ASP- Syslog UDP SRX Firewall/VPN JunOs Messages ASP Syslog UDP Kaspersky Admin Console Antivirus anti-virus events through the console Windows Agent KEMP Technologies LoadMaster Network Switches & Routers ASP Syslog Lancope Lancope Stealth Watch / Network Switches & Routers Stealth Watch messages only Java - Syslog UDP Lancope Stealth Watch / Network Switches & Routers ASP - Syslog LINUX LINUX Host / Server / Operating Systems AuditD, BIND, Netfilter, ProFTPD, Samba, Open ASP Syslog SSH, Pure FTPD, cron, exinit Lumension PatchLink Scan Vulnerability Systems data support Macintosh OS-X Server & Applications / Security Management / Server and Workstation Workstation Host / Server / Operating Systems ASP - Syslog MailGate, Ltd. MailGate Server Applications / Security Management / Host / Server / Operating Systems ASP Syslog Mainframe DB2 Host / Server / Operating Systems Bsafe Agent Mainframe IMS Host / Server / Operating Systems Bsafe Agent Mainframe SMF DB2 Host / Server / Operating Systems Bsafe Agent Mainframe SMF RACF Host / Server / Operating Systems Bsafe Agent Mainframe SMF FTP & Telnet Host / Server / Operating Systems Bsafe Agent Mainframe SMF VSAM Host / Server / Operating Systems Bsafe Agent

8 Mainframe Top Secret, Type 80 SMA_RT Host / Server / Operating Systems ICH/IEF/SMF/TSS messages Java Syslog UDP McAfee McAfee Antivirus AntiVirus WMI WMI McAfee epolicy Applications / Security Management / Host / Java - SQL Server database AV/HIPS/Host FW messages Orchestrator (EPO) Server / Operating Systems McAfee AntiSpyware (ASE), Data Loss Prevention (DLP), epolicy Orchestrator Agent [Common McAfee Framework Agent] (CMA), GroupShield for Domino (GSD), GroupShield for Exchange (GSE), McAfee Host Intrusion Prevention (HIPS), McAfee Network Access Control (MNAC), McAfee Policy Auditor (PAE), McAfee SiteAdvisor (SAE), McAfee VirusScan (VSE), SolidCore (SCOR) Firewall Enterprise Firewall / ASP Syslog Firewall Enterprise Firewall / FW Logs Only Java - Syslog UDP and Web Security Web Content / Filtering / Proxies CEF and Web Security Web Content / Filtering / Proxies ASP - Syslog McAfee HIPS HIPS data through epo for Java - Entercept API till 5.x HIPS 6.0 and above epo SQL Server database for 6.0 Network Security (formerly IntruShield) IPS Alerts Java - Syslog UDP Network Security (formerly IntruShield) IPS Alerts ASP - Syslog Vulnerability Manager Vulnerability Systems data support Web Gateway Web Content / Filtering / Proxies ASP Syslog McAfee WebShield SMTP Web Content / Filtering / Proxies Webshield Syslog Messages Microsoft Exchange Applications / Host / Server / Operating Systems Message Tracking Logs ASP - Windows Agent Forefront Threat Management Gateway IDS/IPS Code Based Microsoft Windows Applications / Host / Server / System, Security, Application, DNS, WMI WMI Operating Systems DHCP and File Replication. Microsoft Windows Server Debug DNS Logs (file) ASP Windows Agent Microsoft Windows Server Debug DHCP Logs (file) ASP Windows Agent Microsoft SQL Server Database WMI WMI Microsoft SQL Server Database DBM Agent - MSSQL 2000 (SP4), 2005, 2008 Microsoft ISA Server Firewall / Host / Server / Operating Systems / Web Content / Filtering / Proxies / Virtual Private Networks WMI WMI Microsoft Operations Manager Host / Server / Operating Systems MOM Messages Java - SQL Server database

9 Microsoft Microsoft IIS Host / Server / Operating Systems / IIS web traffic logs in W3C Java Parsing Agent - Local Files; Web Content / Filtering / Proxies format syslog using Snare Microsoft IIS Host / Server / Operating Systems / IIS web traffic logs in W3C Web Content / Filtering / Proxies format Windows Agent Microsoft Exchange Server Other WMI WMI Microsoft Active Directory Other WMI WMI Microsoft SCOM Security Management 2007 Nitro Plugin Mirage Threat and Response Mirage Counterpoint NAC / Network Switches & Routers Networks Messages Java - Syslog UDP ncircle IP360 Scanner Vulnerability Systems data support Nessus Nessus Vulnerability Systems Data Support NetApp DataFort Storage Switch ASP Syslog OnTap Logs audit, Data OnTap Storage message, sis and snapmirror ASP Windows Agent logs FAS Storage.evt files Windows Agent Netfort Applications / Security Management / Netfort LANGuardian Technologies Host / Server / Operating Systems ASP Syslog netiq netiq Security Manager Network Switches & Routers / Java - SQL Server database netiq Alerts Security Management NetWitness NextGen Application Protocol CEF Spectrum Malware URL Integration NitroSecurity NitroView DBM Database ASP - Syslog NitroSecurity IPS Firewall / / Network Switches & Routers ASP - Syslog Nitro Plug-in Protocol Other Nitro Plugin Protocol NitroSecurity SNMP Other SNMP Nokia Nokia IPSO Firewall IPSO OS logs Java - Syslog UDP Nortel Passport 8000 Network Switches & Routers ASP Syslog VPN Gateway 3050 Virtual Private Networks ASP Oracle MySQL Database Yes, x, 5.0.3x Oracle Common Audit Database System Java Agent - Local Files Oracle Fine-Grained Java - DB Audit Tables Database Fine Grained Audits Audit through JDBC

10 Oracle Oracle Database Identity & Access Manager DBM Agent - Oracle , 9.x, 10.x, 11.x IAM / IDM Nitro Plugin Protocol Osiris ISAKMP, RADIUS, Host / Server / Operating System / Host Integrity Monitoring SECURITY, Accounting, RIP, ASP Syslog VR messages only Palo Alto PA-2000, 4000, 500 Firewall ALL ASP - Syslog Patrick Townsend AS-400 Host CEF Peoplesoft Peoplesoft Applications Nitro Plugin Protocol PostFix PostFix Applications ASP-Syslog PostgreSQL PostgreSQL Database ASP Powertech AS-400 Host CEF ProofPoint Messaging Security Gateway Applications ASP Qualys QualysGuard Vulnerability Systems Data Support Quest ChangeAuditor for Active Applications Directory ASP WMI Radware DefensePro DefensePro Alerts Java - Syslog UDP FireProof and LinkProof Network Switches & Routers ASP Syslog Rapid 7 MetaSploit Pro Penetration Testing Custom Nexpose VA Scanner Vulnerability Systems Data Support ssh/telnet/ftp/rsh/inetd/sendm Red Hat Red Hat Linux OS Events Host / Server / Operating Systems ail/syslogd/su/pam Java - Syslog UDP unix/rhosts/xinetd Riverbed Steelhead Security Appliances / UTMs ASP Syslog RSA RSA Authentication Manager (windows) Authentication WMI WMI RSA Authentication Manager (UNIX) Authentication ACE Server Logs Only Java - Unix Syslog RSA Authenticaiton Manager (Windows & UNIX) Authentication ASP Syslog

11 SafeNet Safenet HSM Application Security ASP Syslog Saint Saint Vulnerability Vulnerability Systems Scanner data support Savant Savant Protection Anti-Malware CEF SecureAuth SecureAuth IEP Authentication ASP Syslog Applications / Security Management / Secure Crossing Secure Crossing ZenWall Host / Server / Operating Systems ASP Syslog sflow sflow (Generic) Network Flow Collection Nitro sflow Collector Silver Spring Networks Access and Endponts Smart Grid ASP Syslog SonicWALL Aventail Virtual Private Networks VPN messages ASP SonicWALL FW Firewall FW/IPS/VPN ASP - Syslog Sophos Sophos Security & Web Content / Filtering / Proxies Data Protection ASP Sophos Enterprise AV and endpoint events Antivirus/HIDS Console from the console Nitro Plugin Protocol Web Security & Control Web Content / Filtering / Proxies ASP - Syslog Sourcefire Snort NIDS IDS messages only Java - Syslog UDP Sourcefire Intrusion IDS messages Java - Estreamer API using Sensor only(estreamer) TCP port 8302 Sourcefire NS/RNA IDS/IPS IDS messages only(estreamer) Squid Squid Web Proxy Web Content / Filtering / Proxies Web Proxy Logs Java Squid Web Proxy Web Content / Filtering / Proxies Web Proxy Logs ASP Syslog StillSecure Strata Guard Firewall / Security Management / IDS Firewall Events / IPS / Virtual Private Networks ASP Sylosg Stonesoft Stonesoft Stonegate Firewall / Security Management / IDS IPS/FW/VPN Management Center / IPS / Virtual Private Networks Java Syslog UDP Stonesoft Stonegate Firewall /VPN Firewall / Virtual Private Networks FW/VPN activities Java Syslog UDP Stonesoft Stonegate IPS IPS Alerts Java Syslog UDP Sun Solaris BSM Host / Server / Operating Systems BSM Audit Logs Java - Syslog UDP Solaris OS Events Host / Server / Operating Systems ssh/telnet/ftp/rsh/inetd/sendm Java - Syslog UDP ail/syslogd/su/xinetd iplanet Web Content / Filtering / Proxies Java - Syslog UDP Sybase Sybase Database DBM Agent - 11.x, 12.x, 15.x

12 Symantec Symantec Anti Virus AntiVirus WMI WMI Symantec AV CE Server Antivirus NPP Symantec Endpoint Host FW/IPS/AV/Control/NAC AntiVirus Protection messages Java Syslog UDP Symantec Endpoint Host FW/IPS/AV/Control/NAC AntiVirus Protection messages ASP Syslog Symantec Intruder Alert Host / Server / Operating Systems ITA Alerts Java Syslog UDP Symantec Critical System Java SQL Server database (TCP Events and Audit messages Protection port 1433) Symantec ManHunt IDS messages only Java Syslog UDP Symantec HIDS / Other HIDS messages Java DB2 database PGP Universal Server Host / Server / Operating Systems Symantec Web Gateway Web Content / Filtering / Proxies messages ASP Syslog System i System i Host / Server / Operating Systems BSafe Agent TippingPoint Tippingpoint Unitity One ASP Syslog Tippingpoint SMS Format Security Management IDS messages Java Syslog UDP Tippingpoint SMS Format Security Management IDS messages ASP - Syslog Tofino Firewall LSM Firewall / Virtual Private Networks ASP Syslog Top Layer TopLayer Attack Mitigator ASP Syslog Trend Micro Control Manager (IMSS & IWSS) AntiVirus / Vulnerability Systems IMSS and IWSS Java SQL Server database Deep Security IDS HIDS HIDS and Windows messages ASP - Syslog OSSEC FIM/HIDS ASP Syslog Tripwire Enterprise Database / Security Management Tripwire Integrity Check messages Java Syslog UDP Tripwire NIDS / Other SNMP Trustvave NAC NAC NAC events ASP Syslog Vericept DLP CEF Webdefend Web Content / Filtering / Proxies ASP Syslog Type 80 Type 80 SMA_RT Host / Server / Operating Systems ICH/IEF/SMF/TSS messages Java Syslog UDP VMWare/EMC VMWare ESX/ESX i Applications Virtual System logs ASP - Syslog Vormetric Data Security Applications ASP Syslog WatchGuard WatchGuard Firebox Firewall ASP Syslog Websense Websense Enterprise Web Content / Filtering / Proxies Web Security and Filtering Java SQL Server database Messages Xirrus abgn WiFi Arrays Switches & Routers ASP Syslog Zonelabs Zonelabs Integrity Firewall Java SQL Data Source