Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

TechNote - CPPM & ArcSight and 3rd party Threat Detection to automate enforcement of endpoints

    Posted Feb 05, 2016 05:10 PM

    I posted this last Friday, a bad day for posting as things get missed...


    Teams,

    This NEW TechNote covers how to set up, in this case, a Palo Alto Networks firewall to send CEF-formatted syslog to ArcSight ESM, have ArcSight parse this syslog, read the KVPs, and use the KVPs to trigger API calls into ClearPass via a .py script when it detects 'threats' coming from the PANW. Later I plan to add the configuration for CheckPoint/Juniper and potentially Fortinet to this solution.

    (Note: credit for the .py goes to Bob Filer)

    You can find the document on the support site located here: CPPM TechNote - Network Threat Detection with SIEM Integration


    CPPM TechNote - Network Threat Detection Utilizing ArcSight ESM V1.pdf

    Happy reading – go fill your boots! Comments and feedback/suggestions graciously accepted.
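The pipeline described in the post hinges on the SIEM correctly reading the CEF header and the key=value extension fields before anything is pushed to ClearPass. The following added example (not the TechNote's script, Bob Filer's .py, or any ArcSight parser) shows that parsing step with CEF's escaping rules and turns a high-severity event into a quarantine decision for the source endpoint; the sample log line, the severity threshold and the decision object are all constructed here, and the actual ClearPass API call is left out because the post does not describe it.

```python
import re

# Constructed sample modelled on the CEF format (not a captured PAN-OS log line).
SAMPLE = ("CEF:0|Palo Alto Networks|PAN-OS|7.0.1|spyware|THREAT|9|"
          "rt=Feb 05 2016 17:10:00 src=10.20.30.40 dst=203.0.113.5 spt=51522 "
          "dpt=443 msg=Suspicious DNS query for bad\\=host cs1Label=Rule cs1=allow-out")

HEADER_KEYS = ("version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
_EXT_UNESCAPE = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}


def _split_header(body):
    """Split the 7 header fields on unescaped '|'; return (fields, raw_extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # header escapes are \| and \\
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    return fields, body[i:]          # extension is kept raw for its own escaping


def _parse_extension(ext):
    """Extension is 'key=value' pairs; values may hold spaces and \\= \\\\ \\n \\r escapes."""
    kv = {}
    for tok in re.split(r"\s+(?=[\w.\-]+=)", ext.strip()):   # new pair starts at 'key='
        if tok:
            key, _, val = tok.partition("=")
            kv[key] = re.sub(r"\\([\\=nr])", lambda m: _EXT_UNESCAPE[m.group(1)], val)
    return kv


def parse_cef(line):
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[len("CEF:"):])
    event = dict(zip(HEADER_KEYS, fields))
    sev = event["severity"]                       # numeric 0-10 in this sample
    event["severity"] = int(sev) if sev.isdigit() else sev
    event["ext"] = _parse_extension(ext)
    return event


def enforcement_decision(event, min_severity=7):
    """Constructed policy: quarantine the source endpoint at or above min_severity, else None."""
    if not isinstance(event["severity"], int) or event["severity"] < min_severity:
        return None
    if "src" not in event["ext"]:
        return None                               # no endpoint to act on
    return {"endpoint_ip": event["ext"]["src"], "action": "quarantine",
            "reason": f'{event["vendor"]} {event["signature_id"]}: '
                      f'{event["ext"].get("msg", event["name"])}'}
```

`enforcement_decision(parse_cef(SAMPLE))` yields the 10.20.30.40 quarantine record that a script would then hand to the NAC; raising `min_severity` to 10 returns None for the same line.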