RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method

Transcription

1 RSA envision Supported Event Sources A Actividentity 4TRESS AAA Server - version AirDefense AirDefense Enterprise Server - version 7.2 Airmagnet Airmagnet Enterprise - version Apache HTTP Server - versions 2.1, 2.2 Apple Mac OS X Arbor Networks Peakflow X - version 4.1 Aruba Networks Aruba Networks Mobility Controller - version ArubaOS Aventail Aventail SSL VPN - version 8.8 CA Integrated Threat Management - version r8 Check Point Provider-1 - version 4.1 Firewall-1/VPN-1/SmartDefense - versions R54 - R65 CipherTrust Check Point LEA API CipherTrust IronMail - version 5.5 Access Control Server - versions 3.3, 4.0, 4.2 (software only) Access Control Server - versions 4.0, 4.1, 4.2 (appliance) Adaptive Security Appliance Software - versions 7.1(2), 7.2 (to generate syslog events) ASA Security Services Module Software - version 5.1(1p1) (to generate IDS events) Avocent B Avocent IP KVM - version Dell PowerEdge 2161DS-2 - parser trap handler Baracuda Networks Spam Firewall - version 3.4 & 3.5 Blue Coat Systems CacheOS (CacheFlow Appliance) Aironet AP (Wireless Access Point) - version IOS 12.2 Catalyst Switch 6500 CATOS - version 8.3 (alerting only) Works Common Services - versions 2.3, 3.0 Content Engine - versions 5.0, 5.4 Content Services Switch - versions 5.10, 8.10 Generic Filereader, Filereader, Blue Coat Systems C SGOS (Security Gateway Appliance) - versions 4.1, 4.2, 5.1, 5.2 IronPort - version xxx Mobility Services Engine - version PIX Firewall - version 7.0 Router - version IOS, 12.4 Secure IDS - versions 4.x, 5.0, 5.1, 6.0 SDEE, RDEP (prior to envision 4.0) Event Source Update 2009 RSA Security Inc. All rights reserved Page 1 of 5

2 Security - versions 4.0, 5.1 VPN 3000 Concentrator - versions 3.6.7, 4.0, 4.1, 4.7 Fortinet FortiGate Antivirus Firewall, running FortiOS - version 2.8, 3.0 Foundry Networks Switch - version 07 Wireless LAN Controller (WLC) - version Crossbeam Systems C-Series - versions 4.X, 5.X, 6.X CyberGuard Firewall TSP Family Series - version FreeBSD FreeBSD - version 5.4 G CyberGuard Cyberguard Classic - version 5.2 P4 D Debian Debian GNU/Linux 3.1 & 4.0 Dell E PowerConnect 5324 Switch - version EMC Celerra - version 5.5 (branded as: EMC Control Station, Blades, DataMover) EMC Clariion - version Navisphere 6.28 EMC Symmetrix Solutions Enabler - version 6.4 EMC Voyence - version Enterasys Networks Dragon - version 5.x, 6.x, 7.2 Extreme Networks F ExtremeWare Switch - version 6.2, 7.2, 7.7, NIC Windows Service F5 BigIP - version 9.4 F5 F5 Firepass - version Vendor Guardium H Device Collection SQL Guard HP ProCurve Switch series 2600/2800/5300 HP Open VMS - all versions Log file FTP HP UX - version 11.X, C2 v 11.X I AIX 5L (Security and Authentication messages only) iseries (AS400 V5R2 and above) Additional files: ftpscript, auditpgm (Lotus) Lotus Domino, NG Mainframe ACF2 ZOS - version 1.4 Mainframe DB2 UDB - versions 7, 8/ ZOS v1.4 Mainframe IDMS - versions (all) Mainframe IMS - versions (all) Mainframe SMA_RT OS390/ZOS - version Mainframe RACF ZOS - version 1.4 Mainframe Top Secret ZOX - version 1.4 Event Source Update 2009 RSA Security Inc. All rights reserved Page 2 of 5

3 Websphere - version / Windows 2003 Filereader Imperva SecureSphere Web Application Firewall Intel NetStructure VPN - version 6.9 ISS ISS Product suite: Proventia Appliance, SiteProtector, Internet Scanner, RealSecure J Juniper Networks DX Application Accelerator - version Juniper Networks IDP - versions 3.0, 3.1, 3.2, 4.0, 4.1 Juniper Networks JUNOS Router - version 6.1 Juniper Networks NetScreen Firewall Screen OS - versions 5.1, 5.3, 5.4, 6.0 Juniper Networks NetScreen-Security Manager - versions 2004, 2006, 2007 Juniper Networks SSL VPN - versions 5.4, 5.5, 6.0 Juniper Networks Steel-Belted Radius - version 5.4 L Lancope StealthWatch - versions 5.5, 5.6 (StealthWatch Xe for NetFlow, StealthWatch Xe for sflow, SteathWatch NC) McAfee Foundscan Professional/Enterprise - versions 5.0, McAfee Host Intrusion Prevention (also branded as Entercept): version supported on McAfee epolicy Orchestrator version 3.6 version 7.0 supported on McAfee epolicy Orchestrator verison 4.0 McAfee Intrushield - versions 2.1, 3.1, 4.1 McAfee VirusScan Enterprise - version 8.0i Windows DHCP Server, Windows 2000, Windows 2003 Configuration, Windows 2000 Configuration, Windows 2003 Exchange Server - versions 2003 and 2007 Internet Authentication Service version 2003 IIS (Internet Information Services) - versions 5.x and 6.x ISA Server - versions 2000, 2004, 2006 Operations Manager - version SP1 (Windows 2003 R2) less Windows SQL Server - version 2000, 2005 and Windows (agentless) Event Logging API M Mazu Networks Mazu Profiler - versions 5.5.2, 6.0, 7.0 agent) - Adiscon Event Reporter agent) - InterSect-Alliance BackLog agent) - InterSect Alliance SNARE via via via McAfee epolicy Orchestrator - versions 3.5, 3.6 and 4.x Event Source Update 2009 RSA Security Inc. All rights reserved Page 3 of 5

4 N version 7.3 NetContinuum NetContinuum Web Application Firewall - version NC OS 5.x Network Appliance Data ONTAP - version 6.x RSA Security Authentication Manager- versions 5.2, 6.0, 6.1, 7.1 RSA Security Data Loss Prevention - version S Network Appliance NetCache - version 5.5R3, 5.6.2R1, 6.03, 6.1 NFR NIDS - version 3.x, 4.x, 5.x Nokia Nortel IP Series version 3.5 and earlier, 3.6, and 3.8, Alteon Switch Firewall - version 8.x Filereader Nortel Contivity VPN Switch SAP R3 Enterprise - version 4.7 Secure Computing Sidewinder G2 Security Appliance - versions x, x, x File Reader Solsoft NP - version Nortel Passport 8600 Routing Switch - version SonicWALL Firewall (alerting only) (rebranded to Ethernet Routing Switch 8600) Sophos Enterprise Console - version 3.0 Novell edirectory - version 8.8 Novell SuSE Linux - version 9, 10, 10.2 O Open Source NFDump - netflow v5, v7, and v9 Open Source SNORT - version 2.8 (signature level ) See: SNORT Alternative Branding Oracle Oracle - versions 8i, 9i and 10g R Sun Solaris - versions 2.8, 2.9, 2.10 Sun Solaris Basic Security Module (BSM) - versions 8, 9, 10, 11 Sybase Sybase Adaptive Server Enterprise - version 15 Symantec AntiVirus Corporate Edition - versions 9.0, 10.0, 10.1, and 11 Symantec Enterprise Firewall - versions 6.x, 7.x, 8.x Symantec Intruder Alert - version 3.6 Symantec Network Security - version 4.0 T TippingPoint UnityOne - version 2.1 Top Layer Attack Mitigator - version 2.1 Red Hat Red Hat Enterprise Linux 3, 4 & 5 Top Layer Secure Edge Controller - version 2.01 Trend Micro OfficeScan Corporate Edition - version 7.0 Control Manager - version 3.5 RSA Security Access Manager - version 6.0 on Solaris, Windows, and Linux Tripwire Tripwire Enterprise - versions 5.4, 5.5, 7.5 File Reader RSA Security Adaptive Authentication (OnPrem) - Event Source Update 2009 RSA Security Inc. All rights reserved Page 4 of 5

5 W WebSense Web Security Suite - versions 5.5, 6.3, 7.x This is an indicative list created on July 30 th 2009, contact RSA support to find the latest status and details of the integration. Event Source Update 2009 RSA Security Inc. All rights reserved Page 5 of 5