
TechNote - CPPM & ArcSight and 3rd party Threat Detection to automate enforcement of endpoints

I posted this last Friday, a bad day for posting, as things get missed.



This NEW TechNote covers how to set up, in this case, a Palo Alto Networks firewall to send CEF-formatted syslog to ArcSight ESM. ArcSight then parses this syslog, reads the KVPs and uses them to trigger API calls into ClearPass via a .py script when it detects 'threats' coming from the PANW. Later I plan to add the configuration for CheckPoint/Juniper and potentially Fortinet to this solution.

(Note: credit for the .py goes to Bob Filer)

You can find the document on the support site here: CPPM TechNote - Network Threat Detection with SIEM Integration


CPPM TechNote - Network Threat Detection Utilizing ArcSight ESM V1.pdf

Happy reading, go fill your boots! Comments, feedback and suggestions graciously accepted.


Best Regards

ClearPass Product Manager
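As an added illustration of the pipeline the TechNote describes (constructed for this page; it is not the TechNote's script and not Bob Filer's .py), here is a Python sketch of the piece that sits behind the ArcSight action: it parses syslog lines in the CEF layout PAN-OS emits, pulls the key-value pairs out of the extension (including the csNLabel convention that names custom fields such as the firewall rule), keeps only threats at or above a severity threshold, and plans the ClearPass REST calls for each. The ClearPass host name, the severity threshold, the session lookup and disconnect paths, and the three sample syslog lines are all assumptions made for this example; ArcSight's own CEF parser and rule/action configuration are not reproduced.

```python
"""Added example, not the TechNote's script: parse PAN-OS-style CEF threat
syslog and plan the ClearPass REST calls a SIEM action would trigger."""
import json
import re
import urllib.parse
from dataclasses import dataclass

CPPM_BASE = "https://cppm.example.internal/api"   # assumed, hypothetical host
SEVERITY_THRESHOLD = 7                            # act at CEF severity >= 7 (0-10)

# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
_HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                  "signature_id", "name", "severity")
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z][A-Za-z0-9_.\-]*)=")   # an unescaped 'key='
_ESC = {"\\": "\\", "=": "=", "|": "|", "n": "\n", "r": "\r"}

def _unescape(s):
    """Apply CEF backslash escapes; unknown escapes are left untouched."""
    return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(0)), s)

def split_header(line):
    """Return (7 header fields, extension text), honouring '\\|' inside fields."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    body, parts, cur, i = line[4:], [], [], 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2]); i += 2          # keep the pair for _unescape
        elif ch == "|":
            parts.append(_unescape("".join(cur))); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    return parts, body[i:]

def parse_extension(ext):
    """Split 'k=v k2=v v ...' into a dict; values may hold spaces and escapes."""
    hits, kv = list(_KEY_RE.finditer(ext)), {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        kv[m.group(1)] = _unescape(ext[m.end():end].strip())
    for k in [k for k in kv if k.endswith("Label") and k[:-5] in kv]:
        kv[kv[k]] = kv[k[:-5]]          # csNLabel=X names custom field csN; expose as X
    return kv

@dataclass
class ThreatEvent:
    src_ip: str
    name: str
    signature_id: str
    severity: int
    category: str
    rule: str

def parse_threat(line):
    """Parse one syslog line into a ThreatEvent, or None if it is not CEF."""
    try:
        hdr, ext = split_header(line)
    except ValueError:
        return None
    h, kv = dict(zip(_HEADER_FIELDS, hdr)), parse_extension(ext)
    words = {"Low": 2, "Medium": 5, "High": 8, "Very-High": 10}   # CEF word severities
    sev = int(h["severity"]) if h["severity"].isdigit() else words.get(h["severity"], 0)
    return ThreatEvent(kv.get("src", ""), h["name"], h["signature_id"], sev,
                       kv.get("cat", ""), kv.get("Rule", ""))

def select_for_enforcement(lines, threshold=SEVERITY_THRESHOLD):
    """Events that carry a source IP and meet the severity threshold."""
    evs = (parse_threat(line) for line in lines)
    return [e for e in evs if e and e.src_ip and e.severity >= threshold]

def plan_clearpass_calls(ev, base=CPPM_BASE):
    """Dry-run plan of the ClearPass calls for one event; nothing is sent.
    Assumed REST paths: look up the active session by framed IP, then
    disconnect it so the client re-authenticates and policy can quarantine it."""
    flt = urllib.parse.quote(json.dumps({"framedipaddress": ev.src_ip,
                                         "acctstoptime": {"$exists": False}}))
    reason = f"PANW threat {ev.signature_id}: {ev.name} [{ev.category}] rule={ev.rule}"
    return [{"method": "GET", "url": f"{base}/session?filter={flt}"},
            {"method": "POST", "url": f"{base}/session/{{id}}/disconnect",
             "body": {"confirm_disconnect": True, "reason": reason}}]

SAMPLE_SYSLOG = [   # constructed lines in PAN-OS CEF layout, not real captures
    "CEF:0|Palo Alto Networks|PAN-OS|7.1.0|vulnerability|THREAT|8|rt=Oct 20 2014 09:15:02 "
    "src=10.20.30.40 dst=203.0.113.7 spt=51234 dpt=445 act=alert cat=code-execution "
    "cs1Label=Rule cs1=Lab-to-Internet msg=Remote Code Execution Vulnerability",
    "CEF:0|Palo Alto Networks|PAN-OS|7.1.0|url|THREAT|2|rt=Oct 20 2014 09:15:05 "
    "src=10.20.30.41 dst=198.51.100.9 act=alert cat=social-networking "
    "request=http://example.com/p?a\\=1",
    "<14>Oct 20 09:15:07 fw01 kernel: not a CEF record",
]

if __name__ == "__main__":
    for ev in select_for_enforcement(SAMPLE_SYSLOG):
        for call in plan_clearpass_calls(ev):
            print(call["method"], call["url"], call.get("body", ""))
```

Run it as a script to see the planned calls for the sample input: only the severity-8 vulnerability hit survives the filter, the URL-filter event is parsed but ignored, and the non-CEF line is dropped. In a live deployment the planned calls would be sent with an OAuth bearer token obtained from ClearPass and the session id returned by the lookup substituted into the disconnect URL. Tagging the endpoint with an attribute and letting an enforcement profile act on it is the other common pattern; that changes only the planned calls, not the parsing or the severity gate.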
