Accellion Secure File Transfer




McAfee Enterprise Security Manager
Data Source Configuration Guide
Data Source: Accellion Secure File Transfer
January 26, 2015

Accellion Secure File Transfer Page 1 of 7

Important Note: The information contained in this document is confidential and proprietary. Please do not redistribute without permission.

Table of Contents

1 Introduction
2 Prerequisites
3 Specific Data Source Configuration Details
  3.1 Accellion Secure File Transfer Configuration
  3.2 McAfee Receiver Configuration
4 Data Source Event to McAfee Field Mappings
  4.1 Log Format
  4.2 Log Sample
  4.3 Mappings
5 Appendix A - Generic Syslog Configuration Details
6 Appendix B - Troubleshooting

1 Introduction

This guide details how to configure Accellion Secure File Transfer to send syslog data in the proper format to the ESM.

2 Prerequisites

McAfee Enterprise Security Manager Version 9.1.0 and above.

In order to configure the Accellion Secure File Transfer Syslog service, appropriate administrative level access is required to perform the necessary changes documented below.

3 Specific Data Source Configuration Details

3.1 Accellion Secure File Transfer Configuration

1. From the Home menu, click Appliance.
2. Click Configure.
3. In the Syslog Server field, enter the IP address of the McAfee ESM.
4. Click Submit to save and exit.

3.2 McAfee Receiver Configuration

After successfully logging into the McAfee ESM console, the data source will need to be added to a McAfee Receiver in the ESM hierarchy.

1. Select the Receiver you are applying the data source setting to.
2. Select the Receiver properties.
3. From the Receiver Properties listing, select Data Sources.
4. Select Add Data Source.

OR

1. Select the Receiver you are applying the data source setting to.
2. After selecting the Receiver, select the Add Data Source icon.

Data Source Screen Settings

1. Data Source Vendor: Accellion
2. Data Source Model: Secure File Transfer (ASP)
3. Data Format: Default
4. Data Retrieval: SYSLOG (Default)
5. Enabled: Parsing/Logging/SNMP Trap: <Defaults>
6. Name: Name of data source
7. IP Address/Hostname: The IP address and host name associated with the data source device.
8. Syslog Relay: <Enable>
9. Mask: <Default>
10. Require Syslog TLS: Enable to require the Receiver to communicate over TLS.
11. Support Generic Syslogs: <Default>
12. Time Zone: Time zone of data being sent.

Note: Refer to Appendix A for details on the Data Source Screen options.

4 Data Source Event to McAfee Field Mappings

4.1 Log Format

The expected format for this device is as follows:

    <date time> <device name> <application> <IP address> <user> <message> <destination user>

4.2 Log Sample

This is a sample log from an Accellion Secure File Transfer device:

    <123>1 2001-01-01T01:01:01-01:00 name0001 httpd - - - [12345]: (1.2.3.4) (User:username) [Web] Sent password reset request to ldap user, user_id:example@example.com

4.3 Mappings

The table below shows the mappings between the data source and McAfee ESM fields.

    Log Fields          McAfee ESM Fields
    Device Name         Hostname
    Application         Application
    IP Address          Source IP
    User                Source Username
    Destination User    Destination Username
    Filename            Filename
    From email          From
    To email            To
    Email subject       Subject

5 Appendix A - Generic Syslog Configuration Details

Once you select the option to add a data source, you are taken to the Add Data Source menu. The general options for adding a data source are shown. As you select different options, additional parameters may show. Each of these parameters will be examined in more detail.

1. Use System Profiles: System Profiles are a way to use settings that are repetitive in nature, without having to enter the information each time. An example is WMI credentials, which are necessary to retrieve Windows Event Logs if WMI is the chosen mechanism.
2. Data Source Vendor: List of all supported vendors.
3. Data Source Model: List of supported products for a vendor.
4. Data Format: Data Format is the format the data is in. Options are Default, CEF, and MEF.
   Note: If you choose CEF, it will enable the generic rule for CEF and may not parse data source-specific details.
5. Data Retrieval: Data Retrieval allows you to select how the Receiver is going to collect the data. Default is over syslog.
6. Enabled: Parsing/Logging/SNMP Trap: Enables parsing of the data source, logging of the data source, and reception of SNMP traps from the data source. If no option is checked, the settings are saved to the ESM, but not written to the Receiver or utilized. Default is to select Parsing.
7. Name: This is the name that will appear in the Logical Device Groupings tree and the filter lists.
8. IP Address/Hostname: The IP address and host name associated with the data source device.
9. Syslog Relay: Syslog Relay allows data to be collected via relays and bucketed to the correct data source. Enable syslog relay on relay sources such as Syslog-NG.
10. Mask: Enables you to apply a mask to an IP address so that a range of IP addresses can be accepted.
11. Require Syslog TLS: Enable to require the Receiver to communicate over TLS.
12. Support Generic Syslog: Generic Syslog allows users to select Parse generic syslog or Log unknown syslog event. Both of these options will create an alert for an auto-learned syslog event if there is no parsing rule.
13. Time Zone: If syslog events are sent in a time zone other than GMT, you need to set the time zone of the data source so the date on the events can be set accordingly.
14. Interface: Opens the Receiver interface settings to associate ports with streams of information.
15. Advanced: Opens advanced settings for the data source.

6 Appendix B - Troubleshooting

If a data source is not receiving events, verify that the data source settings have been written out and that policy has been rolled out to the Receiver.

If you see errors saying events are being discarded because the Last Time value is more than one hour in the future, or the values are incorrect, you may need to adjust the Time Zone setting.
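
The log sample in section 4.2, the mappings in section 4.3 and the "more than one hour in the future" symptom in Appendix B can be checked offline against captured lines with a short script. The Python below is an added example, not part of the McAfee guide and not McAfee or Accellion code. Assumptions: the regular expressions are inferred from the single sample line, and parse_line, too_far_in_future and the "Message" and "Event Time" keys are hypothetical names that do not appear in the mapping table.

```python
import re
from datetime import datetime, timedelta

# Sample line copied from section 4.2 of the guide.
SAMPLE = ("<123>1 2001-01-01T01:01:01-01:00 name0001 httpd - - - [12345]: "
          "(1.2.3.4) (User:username) [Web] Sent password reset request to "
          "ldap user, user_id:example@example.com")

# Assumption: layout inferred from that single sample, not a vendor grammar.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\d+ "
    r"(?P<ts>\S+) (?P<device>\S+) (?P<app>\S+) \S+ \S+ \S+ "
    r"\[(?P<pid>\d+)\]: "
    r"\((?P<ip>[^)]+)\) \(User:(?P<user>[^)]*)\) "
    r"(?P<message>.*)$"
)
# Assumption: the destination user is the trailing "user_id:<value>" token.
DEST_RE = re.compile(r"user_id:(?P<dest>\S+)\s*$")


def parse_line(line):
    """Return a dict keyed by the ESM field names of section 4.3, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        event_time = datetime.fromisoformat(m["ts"])  # keeps the UTC offset
    except ValueError:
        return None
    dest = DEST_RE.search(m["message"])
    return {
        "Hostname": m["device"],
        "Application": m["app"],
        "Source IP": m["ip"],
        "Source Username": m["user"],
        "Destination Username": dest["dest"] if dest else None,
        "Message": m["message"],      # extra key, not in the mapping table
        "Event Time": event_time,     # extra key, not in the mapping table
    }


def too_far_in_future(event, now, limit=timedelta(hours=1)):
    """True if the event is more than `limit` ahead of timezone-aware `now`."""
    return event["Event Time"] - now > limit
```

Lines for which parse_line returns None do not match the layout of the sample, and events for which too_far_in_future returns True against the Receiver's clock point at the Time Zone setting described in Appendix B.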