Effective logging to meet Cybersecurity needs from Mobility Controller to SIEM
08-22-2017 12:38 PM
The Aruba and LogRhythm community sites are rather sparse on what to set up from an external logging perspective to get the most effective use out of logs as it pertains to Mobility Controllers, so I thought I would query the community to see if anyone has tackled this already and has suggestions.
I'm looking for information to meet our Cybersecurity monitoring needs, so Rogues and Suspected Rogue Classifications, Match Methods, etc., and other data that may be helpful for alerting or correlation with other log sources.
I will also be looking to gather data from AirWave, but there are specific fields, such as "Match-Method", that exist on the controller and have a placeholder in AirWave, but this data does not get transmitted between the systems (no idea why?).
We are parsing auth data from ClearPass, but looking into these other log sources to paint a more complete picture.
Any thoughts or suggestions are welcome.
Re: Effective logging to meet Cybersecurity needs from Mobility Controller to SIEM
03-01-2018 09:17 AM
glink, having the same issue. We also need to set up AirWave on our LR AI Engine from a cybersecurity perspective as well. Though I found a hopeful Log Processing Policy that could possibly match close to AirWave. I am using the Syslog - Aruba Wireless Access Point but I don't think that is enough. But I am using that. Thanks.