IBM Proventia

JSA supports IBM Proventia Management SiteProtector and IBM ISS Proventia DSMs.

IBM Proventia Management SiteProtector

The IBM Proventia Management SiteProtector DSM for JSA accepts SiteProtector events by polling the SiteProtector database.

The DSM allows JSA to record Intrusion Prevention System (IPS) events and audit events directly from the IBM SiteProtector database.

Note:

The IBM Proventia Management SiteProtector DSM requires the latest JDBC Protocol to collect audit events.

The IBM Proventia Management SiteProtector DSM for JSA can accept detailed SiteProtector events by reading information from the primary SensorData1 table. The SensorData1 table is generated with information from several other tables in the IBM SiteProtector database. SensorData1 remains the primary table for collecting events.

IDP events include information from SensorData1, along with information from the following tables:

  • SensorDataAVP1

  • SensorDataReponse1

Audit events include information from the following tables:

  • AuditInfo

  • AuditTrail

Audit events are not collected by default. When you select the Include Audit Events check box, JSA makes a separate query to the AuditInfo and AuditTrail tables. For more information about your SiteProtector database tables, see your vendor documentation.

Before you configure JSA to integrate with SiteProtector, we suggest that you create a database user account and password in SiteProtector for JSA.

Your JSA user must have read permissions for the SensorData1 table, which stores SiteProtector events. The JDBC - SiteProtector protocol allows JSA to log in and poll for events from the database. Creating a JSA account is not required, but it is recommended for tracking and securing your event data.
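One way to set up such a read-only polling account, as an added example that is not taken from the JSA or SiteProtector documentation. It assumes the SiteProtector database runs on Microsoft SQL Server with its tables in the dbo schema; the account name jsa_reader, the database name, and the password are placeholders, and the grants beyond SensorData1 are an assumption based on the tables this page lists.

```sql
-- Added example (assumptions: Microsoft SQL Server, dbo schema).
-- jsa_reader is a hypothetical account name; replace both placeholders.
CREATE LOGIN jsa_reader
    WITH PASSWORD = N'<set-a-strong-password>',
         CHECK_POLICY = ON;              -- enforce the Windows password policy

USE [<SiteProtectorDatabase>];           -- placeholder database name
CREATE USER jsa_reader FOR LOGIN jsa_reader;

-- Required by this page: read access to the primary event table.
GRANT SELECT ON OBJECT::dbo.SensorData1 TO jsa_reader;

-- Assumption: the tables this page lists as contributing to IDP events.
GRANT SELECT ON OBJECT::dbo.SensorDataAVP1     TO jsa_reader;
GRANT SELECT ON OBJECT::dbo.SensorDataReponse1 TO jsa_reader;

-- Only needed when the Include Audit Events check box is selected.
GRANT SELECT ON OBJECT::dbo.AuditInfo  TO jsa_reader;
GRANT SELECT ON OBJECT::dbo.AuditTrail TO jsa_reader;

-- Review 1: explicit permissions held by the account. Anything other than
-- CONNECT on the database and SELECT on the tables above is excess privilege.
SELECT pe.class_desc,
       OBJECT_NAME(pe.major_id) AS object_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'jsa_reader';

-- Review 2: database role memberships. Membership in roles such as
-- db_owner or db_datawriter would give the account write access.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'jsa_reader';
```

A dedicated account scoped this way keeps JSA polling distinguishable from administrator activity in the database logs and limits what a leaked log source credential can read or change.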

Note:

Ensure that no firewall rules are blocking the communication between the SiteProtector console and JSA.

JDBC Log Source Parameters for IBM Proventia Management SiteProtector

If JSA does not automatically detect the log source, add an IBM Proventia Management SiteProtector log source on the JSA Console by using the JDBC protocol.

When using the JDBC protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect JDBC events from IBM Proventia Management SiteProtector:

Table 1: JDBC Log Source Parameters for the IBM Proventia Management SiteProtector DSM

| Parameter | Description |
| --- | --- |
| Log Source type | IBM Proventia Management SiteProtector |
| Protocol Configuration | JDBC |
| Log Source Identifier | Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |

IBM ISS Proventia

The IBM Integrated Systems Solutions (ISS) Proventia DSM for JSA records all relevant IBM Proventia events by using SNMP.

  1. In the Proventia Manager user interface navigation pane, expand the System node.

  2. Select System.

  3. Select Services.

    The Service Configuration page is displayed.

  4. Click the SNMP tab.

  5. Select SNMP Traps Enabled.

  6. In the Trap Receiver field, type the IP address of the JSA that you want to monitor incoming SNMP traps.

  7. In the Trap Community field, type the appropriate community name.

  8. From the Trap Version list, select the trap version.

  9. Click Save Changes.

    You are now ready to configure JSA to receive SNMP traps.

  10. To configure JSA to receive events from an ISS Proventia device, select IBM Proventia Network Intrusion Prevention System (IPS) from the Log Source Type list.

    For more information about your ISS Proventia device, see your vendor documentation.