Device Integration: CyberGuard SG565


Complete. Simple. Affordable. Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION ... 4
2. CYBERGUARD SG565 INFORMATION ... 4
3. CONFIGURING CYBERGUARD SG565 TO SEND LOG DATA TO ALIENVAULT ... 4
4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CYBERGUARD SG565 ... 5
5. CONFIGURING LOG FILE EXPIRATION ... 6
6. HOW TO ENABLE THIS PLUGIN ... 6

DC-00123 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 3 of 6

1. INTRODUCTION

The objective of this document is to explain how to configure a CyberGuard device to send log data to AlienVault USM. This document is related to the AlienVault document Data Source Plugin Management. The explanation about how to enable plugins can be found in that document.

2. CYBERGUARD SG565 INFORMATION

Device Name       CyberGuard SG565
Device Vendor     CyberGuard
Device Type       Firewall
Data Source Name  cyberguard
Connection Type   Select Connection Type
Data Source ID    1575

3. CONFIGURING CYBERGUARD SG565 TO SEND LOG DATA TO ALIENVAULT

CyberGuard SG565 must be configured to send log data to an AlienVault Sensor over the syslog protocol.

Pre-Requisites: IP Address of the AlienVault Sensor or All-in-One

1. Log into the CyberGuard GUI.
2. Create a new Endpoint (Customize > Environment > Endpoints). In the Name field enter Alienvault and set Type to Host. Set the Address field to the IP Address of an AlienVault Sensor and Save.
3. Configure syslog: Select Customize > System > Syslog.

Set Facility to Local0 and Level to Debug, and check "include higher levels". Select Action > send to host. In the host drop-down menu, select the entry for Alienvault and Save.
4. Create Alert Filters: Select Customize > Audit & Alerts > Audit Filters. Set the filter to accept everything: set the Name field to Alienvault-Logging, set the Attribute drop-down to time and the Relation drop-down to Exists, then Save.
5. Set up a syslog relay: Select Customize > Audit & Alerts > Syslog Relay. Enter Alienvault Sensor into the Name field. Set Facility to Local0. Set Level to Debug. Set Format to Native. Set Filter to Alienvault-Logging.
6. Save, then select Control > Firewall > Apply Configuration.

4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CYBERGUARD SG565

Devices that send log data via Syslog require configuration of the Syslog service to process those incoming logs into a unique file destination.

1. Open the AlienVault USM Console.
2. Select and accept the Jailbreak this appliance option to gain command line access.
3. Create a new configuration file to save incoming CyberGuard logs:

    nano -w /etc/rsyslog.d/cyberguard.conf

4. Add the following line to the file, one for each CyberGuard device you are sending logs from (the address must be quoted, and the leading dash on the file name tells rsyslog to write it asynchronously):

    if $fromhost-ip == '<IP_Address_CyberGuard>' then -/var/log/cyberguard.log

5. Press Ctrl+W to save the file and Ctrl+X to exit the editor.
6. Restart the Syslog Collector:

    /etc/init.d/rsyslog restart

5. CONFIGURING LOG FILE EXPIRATION

Incoming logs are processed by the Sensor and passed on to the SIEM Service. Keeping the raw log files on the sensor for more than a few days is unnecessary; they should be purged to maintain adequate free filesystem capacity.

1. Create a new log rotation configuration file:

    nano -w /etc/logrotate.d/cyberguard

2. Add the following content to the file:

6. HOW TO ENABLE THIS PLUGIN

This plugin is already configured, but it must be enabled, either through the command line console or through the web interface. The instructions for enabling this plugin can be found in the AlienVault document Data Source Plugin Management.
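As an added example that is not part of the AlienVault document, the POSIX shell functions below generate the section 4 rsyslog rule for any number of CyberGuard devices, rejecting a malformed address (rsyslog compares $fromhost-ip as a string, so a mistyped address matches nothing and the device's logs never reach the file), and a logrotate stanza for section 5. The file paths are the document's; the function names and the retention values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the AlienVault document: generate the rsyslog rule
# from section 4 (one per CyberGuard device) and a logrotate stanza for section 5.
# The file paths are the document's; the logrotate retention values are assumptions.

LOGFILE=/var/log/cyberguard.log

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise. rsyslog compares
# $fromhost-ip as a string, so a mistyped address matches nothing and the
# device's logs silently never reach cyberguard.log.
is_ipv4() {
    _ip=$1
    case $_ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$_ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Print one rsyslog rule per device address; stop at the first invalid one.
# Usage: rsyslog_rules 192.0.2.10 192.0.2.11 > /etc/rsyslog.d/cyberguard.conf
rsyslog_rules() {
    for _ip in "$@"; do
        is_ipv4 "$_ip" || { echo "invalid device address: $_ip" >&2; return 1; }
        printf "if \$fromhost-ip == '%s' then -%s\n" "$_ip" "$LOGFILE"
    done
}

# Print a logrotate stanza that keeps raw CyberGuard logs for three days
# (assumed retention); the restart command is the one the document uses.
# Usage: logrotate_stanza > /etc/logrotate.d/cyberguard
logrotate_stanza() {
    cat <<EOF
$LOGFILE {
    daily
    rotate 3
    missingok
    notifempty
    compress
    postrotate
        /etc/init.d/rsyslog restart > /dev/null 2>&1 || true
    endscript
}
EOF
}
```

After writing either file, restart rsyslog as in step 6 so the new rule takes effect.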