Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Palo Alto Ingress Event in ClearPass

This thread has been viewed 5 times

  • 1.  Palo Alto Ingress Event in ClearPass

    Posted Jul 22, 2016 11:15 AM
      |   view attached

    I just setup a Palo Alto firewall as an Event Source and created a Service in ClearPass using the new Event-Based Enforcement and I want to make sure it's been configured properly. I am seeing events come through in Access Tracker, so I assume the syslog tie-in to CPPM from Palo is working, but there isn't really any information in there. Also, one of the threats that shows up (OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Reverse Heartbleed) doesn't seem like it is being sent to ClearPass despite the threat hitting the same Policy on Palo as the events that I am seeing come in. I have attached a screenshot of one of the events that I am seeing in Access Tracker.



  • 2.  RE: Palo Alto Ingress Event in ClearPass

    Posted Sep 02, 2016 12:19 PM

    I have the exact same issue.  I have a ticket open with Aruba and Palo Alto.  Looks like an issue with the ingress events dictionary.  Been working at it for a week now without any resolution.  Did you ever figure out what your issue was?

     

    Thanks!