Security

Moderator
Posts: 473
Registered: ‎11-09-2012

TechNote - CPPM & ArcSight and 3rd party Threat Detection to automate enforcement of endpoints


I posted this last Friday - bad day for posting as things get missed....


Teams,

This NEW TechNote covers how to set up, in this case, a Palo-Alto Network Firewall to send CEF formatted syslog to ArcSight ESM. Have ArcSight parse this syslog, read the KVPs and use the KVPs to trigger API calls into ClearPass via a .py script when it detects 'threats' coming from the PANW. Later I plan to add the configuration for CheckPoint/Juniper and potentially Fortinet to this solution.

(Note: credit for the .py goes to Bob Filer)

You can find the document on the support site located here: CPPM TechNote - Network Threat Detection with SIEM Integration


CPPM TechNote - Network Threat Detection Utilizing ArcSight ESM V1.pdf

Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted.



Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

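The post describes the pipeline at a high level: the firewall emits CEF-formatted syslog, the SIEM parses the key-value pairs, and a script is triggered for threat events. The block below is an added example (not the TechNote's script, and not Bob Filer's .py) showing the parsing and decision half of that pipeline: a small CEF parser that handles the header and extension escaping rules, a severity normaliser, and a filter that turns qualifying threat events into enforcement requests keyed by the source endpoint. The sample log lines are constructed for the example and only approximate a PAN-OS CEF layout; the vendor name, the severity threshold, the word-to-number severity mapping, and the shape of the request record are all assumptions. The actual ClearPass API call is not shown because the post does not describe it.

```python
"""Added example: parse CEF syslog from a firewall and select the threat
events that should trigger an endpoint-enforcement call to ClearPass."""
import re
from typing import Dict, List, Optional

# CEF header: CEF:Version|Device Vendor|Device Product|Device Version|
#             Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Extension is "key=value key=value"; values may contain spaces, and '=' and
# '\' appear inside a value only as the escapes '\=' and '\\'.
_EXT_RE = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.]+=|\s*$)")

# CEF allows textual severities; map each to a number inside its band
# (assumption: midpoint-ish values, not a vendor-defined mapping).
_SEVERITY_WORDS = {"low": 1, "medium": 5, "high": 8, "very-high": 10}

# Constructed sample lines (syslog prefix + CEF); not real PAN-OS output.
SAMPLE_LOGS = [
    r"<14>Mar 10 12:00:01 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.1|THREAT|vulnerability|9|"
    r"rt=Mar 10 2020 12:00:01 src=10.20.30.40 dst=203.0.113.7 spt=51234 dpt=80 act=alert "
    r"cs1Label=Rule cs1=allow-web msg=Path traversal attempt \=\= blocked",
    r"<14>Mar 10 12:00:02 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.1|TRAFFIC|end|1|"
    r"src=10.20.30.41 dst=203.0.113.8 act=allow",
    r"<14>Mar 10 12:00:03 ids01 CEF:0|Example Vendor|IDS|1.0|100|Scan|High|"
    r"src=10.20.30.42 msg=Port scan",
]


def _unescape(value: str) -> str:
    """Undo CEF extension escapes: '\=' -> '=', '\\' -> '\', '\n', '\r'."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(body: str):
    """Consume the seven '|'-delimited header fields ('\|' is a literal pipe)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            buf.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("malformed CEF header")
    return fields, body[i:]


def parse_cef(line: str) -> Dict[str, object]:
    """Return the header fields plus an 'extension' dict of unescaped KVPs."""
    start = line.find("CEF:")          # skip any syslog priority/timestamp prefix
    if start < 0:
        raise ValueError("not a CEF message")
    fields, ext = _split_header(line[start:])
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = {k: _unescape(v) for k, v in _EXT_RE.findall(ext)}
    return event


def severity_score(raw: str) -> int:
    """Normalise a CEF severity (0-10 or Low/Medium/High/Very-High) to an int."""
    raw = raw.strip().lower()
    return int(raw) if raw.isdigit() else _SEVERITY_WORDS.get(raw, 0)


def enforcement_request(event: Dict[str, object], min_severity: int = 7,
                        vendors=("Palo Alto Networks",)) -> Optional[dict]:
    """Decide whether an event should trigger endpoint enforcement.

    Only events from the expected firewall vendor, at or above the severity
    threshold, and carrying a source address qualify. The returned record is
    a hypothetical shape for the ClearPass call, which is not shown here.
    """
    if event["device_vendor"] not in vendors:
        return None
    sev = severity_score(str(event["severity"]))
    if sev < min_severity:
        return None
    src = event["extension"].get("src")   # type: ignore[union-attr]
    if not src:
        return None
    return {"endpoint_ip": src, "severity": sev,
            "reason": f'{event["name"]} ({event["signature_id"]})'}


def triage(lines: List[str]) -> List[dict]:
    """Run the parser and filter over a batch of syslog lines."""
    return [req for req in (enforcement_request(parse_cef(l)) for l in lines) if req]


if __name__ == "__main__":
    for req in triage(SAMPLE_LOGS):
        print(req)
```

Of the three constructed lines only the first produces a request: the TRAFFIC line is below the severity threshold, and the third comes from a vendor the filter does not trust for enforcement. Keeping the vendor allow-list and threshold in the script, rather than acting on every parsed event, is what stops a noisy or spoofed syslog source from driving endpoint quarantines.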