TechNote - CPPM & ArcSight and 3rd party Threat Detection to automate enforcement of endpoints
02-05-2016 02:09 PM - edited 05-05-2016 04:34 PM
I posted this last Friday - bad day for posting as things get missed....
This new TechNote covers how to set up, in this case, a Palo Alto Networks firewall to send CEF-formatted syslog to ArcSight ESM, have ArcSight parse this syslog, read the KVPs, and use the KVPs to trigger API calls into ClearPass via a .py script when it detects 'threats' coming from the PANW. Later I plan to add the configuration for Check Point/Juniper and potentially Fortinet to this solution.
(Note: credit for the .py goes to Bob Filer)
You can find the document on the support site located here CPPM TechNote - Network Threat Detection with SIEM Integration
CPPM TechNote - Network Threat Detection Utilizing ArcSight ESM V1.pdf
Happy reading, go fill your boots! Comments and feedback/suggestions graciously accepted.
ClearPass Product Manager
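The middle of the pipeline the TechNote describes (CEF syslog in, key/value pairs out, an enforcement decision handed to ClearPass) as an added example. This is not the .py script from the TechNote and not ArcSight or ClearPass code: the sample syslog records are constructed to follow the CEF layout, `THREAT_CLASSES` is an assumed set of PAN-OS threat subtypes, and `build_clearpass_request` is a hypothetical name that only assembles the data such a script would hand to the ClearPass API call (the real API endpoint and authentication are outside the example).

```python
"""Parse CEF syslog records, pull out the extension KVPs, and decide which
records should drive an enforcement call into ClearPass. Added example;
sample lines are constructed, the ClearPass call itself is not modelled."""
from __future__ import annotations

import re
from dataclasses import dataclass

CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")
# Header fields are '|'-separated; a literal pipe inside a field is escaped as '\|'.
_HEADER_SPLIT_RE = re.compile(r"(?<!\\)\|")
# Extension pairs are space-separated but values may contain spaces: a new pair
# starts only where whitespace is followed by '<key>='. An '=' inside a value
# must be escaped as '\=' so it never looks like a key boundary.
_EXT_SPLIT_RE = re.compile(r"\s+(?=[\w.]+=)")
_ESCAPE_RE = re.compile(r"\\(.)")
# CEF severity bands: Low 0-3, Medium 4-6, High 7-8, Very-High 9-10.
# Word severities map to the bottom of their band so we never over-escalate.
_SEVERITY_WORDS = {"low": 0, "medium": 4, "high": 7, "very-high": 9}
# Assumption: PAN-OS threat subtypes that show up in the CEF signature-id field.
THREAT_CLASSES = {"spyware", "virus", "vulnerability", "wildfire"}


@dataclass
class CefEvent:
    header: dict
    extension: dict


def _unescape(value: str) -> str:
    # '\|' -> '|', '\=' -> '=', '\\' -> '\', '\n' and '\r' -> control chars
    return _ESCAPE_RE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line: str) -> CefEvent:
    """Parse one syslog line carrying a CEF record; ValueError if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    parts = _HEADER_SPLIT_RE.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    header = {k: _unescape(v) for k, v in zip(CEF_HEADER_FIELDS, parts[:7])}
    extension = {}
    for pair in _EXT_SPLIT_RE.split(parts[7].strip() if len(parts) == 8 else ""):
        key, sep, value = pair.partition("=")
        if sep:  # skip empty or malformed fragments
            extension[key] = _unescape(value)
    return CefEvent(header, extension)


def severity_score(raw: str) -> int | None:
    raw = raw.strip().lower()
    if raw.isdigit():
        return min(int(raw), 10)
    return _SEVERITY_WORDS.get(raw)


def build_clearpass_request(event: CefEvent, min_severity: int = 7) -> dict | None:
    """Hypothetical: the data the script would pass to ClearPass, or None if the
    event is not a threat class above the severity floor or has no source IP."""
    sig = event.header["signature_id"].lower()
    score = severity_score(event.header["severity"])
    src = event.extension.get("src")
    if sig not in THREAT_CLASSES or score is None or score < min_severity or not src:
        return None
    return {
        "action": "disconnect",  # assumed enforcement action
        "endpoint_ip": src,
        "user": event.extension.get("suser"),
        "threat_class": sig,
        "threat_name": event.header["name"],
        "severity": score,
        "firewall_action": event.extension.get("act"),  # 'alert' means the session got through
        "message": event.extension.get("msg"),
    }


def process_log(lines) -> list[dict]:
    """Run the feed end to end; each endpoint IP is enforced at most once per batch."""
    requests, seen = [], set()
    for line in lines:
        try:
            event = parse_cef(line)
        except ValueError:
            continue  # non-CEF noise sharing the syslog feed
        req = build_clearpass_request(event)
        if req and req["endpoint_ip"] not in seen:
            seen.add(req["endpoint_ip"])
            requests.append(req)
    return requests


# Constructed sample feed, loosely following the PAN-OS CEF layout.
SAMPLE_SYSLOG = [
    # severity-8 spyware hit the firewall only alerted on; escaped '=' and '\' in values
    "<14>Feb  5 14:09:01 pan-fw CEF:0|Palo Alto Networks|PAN-OS|7.1|spyware|THREAT|8|"
    "rt=Feb 05 2016 14:09:01 src=10.20.30.40 dst=203.0.113.10 spt=51234 dpt=53 "
    "suser=corp\\\\jdoe act=alert msg=Suspicious DNS Query tid\\=1234",
    # low-severity URL-filtering event: not a threat class, must not fire
    "<14>Feb  5 14:09:02 pan-fw CEF:0|Palo Alto Networks|PAN-OS|7.1|url|THREAT|2|"
    "src=10.20.30.41 dst=198.51.100.7 act=alert",
    # escaped pipe inside the name field plus a word severity
    "CEF:0|Palo Alto Networks|PAN-OS|7.1|virus|THREAT \\| Virus|Very-High|"
    "src=10.20.30.42 dst=192.0.2.9 act=drop msg=Eicar test file",
    # same endpoint hit again: dedup keeps a single request for it
    "CEF:0|Palo Alto Networks|PAN-OS|7.1|spyware|THREAT|9|src=10.20.30.40 dst=203.0.113.11 act=alert",
    "<14>Feb  5 14:09:03 pan-fw plain text line",  # non-CEF noise
]

if __name__ == "__main__":
    for req in process_log(SAMPLE_SYSLOG):
        print(req)
```

Two things worth keeping from this when wiring ArcSight to a real script: the key boundary in the extension is "whitespace then `key=`", not plain whitespace, so a `msg=` value with spaces survives intact; and the dedup set stops a chatty firewall from firing the same ClearPass action for one endpoint dozens of times in a burst.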