close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Event Collection from Third-party Devices
- Event Collection from Third-party Devices
- Adding a DSM
play_arrow Introduction to Log Source Management
- Introduction to Log Source Management
- Adding a Log Source
- Adding a Log Source by using the Log Sources Icon
- Adding Bulk Log Sources
- Adding Bulk Log Source by using the Log Sources Icon
- Editing Bulk Log Sources
- Editing Bulk Log Sources by using the Log Sources icon
- Adding a Log Source Parsing Order
- Testing Log Sources
- Log Source Groups
play_arrow Gateway Log Source
- Gateway Log Source
- Log Source Identifier Pattern
play_arrow Log Source Extensions
- Log Source Extensions
- Patterns in Log Source Extension Documents
- Match Groups
- Extension Document Template
- Creating a Log Source Extensions Document to get data into JSA
- Examples of Parsing Issues
play_arrow Manage Log Source Extensions
- Log Source Extension Management
- Adding a Log Source Extension
play_arrow Threat Use Cases by Log Source Type
- Threat Use Cases by Log Source Type
play_arrow Troubleshooting DSMs
- Troubleshooting DSMs
play_arrow Protocols
- Undocumented protocols
- Protocol Configuration Options
play_arrow Universal Cloud REST API Protocol
- Universal Cloud REST API Protocol
- Workflow
- Workflow Parameter Values
- State
- Actions
- JPath
- Command Line Testing Tool
play_arrow Protocols that Support Certificate Management
- Protocols that support Certificate Management
play_arrow 3Com Switch 8800
- 3Com Switch 8800
- Configuring Your 3COM Switch 8800
play_arrow AhnLab Policy Center
- AhnLab Policy Center
play_arrow Akamai KONA
- Akamai Kona
- Configure an Akamai Kona Log Source by using the HTTP Receiver Protocol
- Configure an Akamai Kona Log Source by using the Akamai Kona REST API Protocol
- Configuring Akamai Kona to Communicate with JSA
- Creating an Event Map for Akamai Kona Events
- Modifying the Event Map for Akamai Kona
- Akamai Kona Sample Event Messages
play_arrow Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs DSM Specifications
- Publishing Flow Logs to an S3 Bucket
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs Sample Event Message
play_arrow Amazon AWS CloudTrail
- Amazon AWS CloudTrail
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon Web Services Protocol
- Amazon AWS CloudTrail Sample Event Message
play_arrow Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service DSM Specifications
- Configuring Amazon Elastic Kubernetes Service to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon Web Services Log Source Parameters for Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service Sample Event Messages
play_arrow Amazon AWS Network Firewall
- Amazon AWS Network Firewall
- Amazon AWS Network Firewall DSM Specifications
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Network Firewall
- AWS Network Firewall Sample Event Messages
play_arrow Amazon AWS Route 53
- Amazon AWS Route 53
- Amazon AWS Route 53 DSM Specifications
- Configuring an Amazon AWS Route 53 Log Source by using the Amazon Web Services Protocol and CloudWatch Logs
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with an SQS Queue
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with a Directory Prefix
- Amazon AWS Route 53 Sample Event Messages
play_arrow Amazon AWS Security Hub
- Amazon AWS Security Hub
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console When Using the Amazon Web Services
- Amazon AWS Security Hub DSM specifications
- Amazon AWS Security Hub Sample Event Message
play_arrow Amazon AWS WAF
- Amazon AWS WAF
- Amazon AWS WAF DSM Specifications
- Configuring Amazon AWS WAF to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS WAF
- Amazon AWS WAF Sample Event Messages
play_arrow Amazon GuardDuty
- Amazon GuardDuty
- Configuring an Amazon GuardDuty Log Source by using the Amazon Web Services Protocol
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console
- Configuring an Amazon GuardDuty Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring Amazon GuardDuty to Forward Events to an AWS S3 Bucket
- Amazon GuardDuty Sample Event Messages
play_arrow Ambiron TrustWave IpAngel
- Ambiron TrustWave IpAngel
play_arrow Amazon VPC Flow Logs
- Amazon VPC Flow Logs
- Amazon VPC Flow Logs Specifications
- Publishing Flow Logs to an S3 Bucket
- Create the SQS Queue that is Used to Receive ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
play_arrow APC UPS
- APC UPS
- Configuring Your APC UPS to Forward Syslog Events
- APC UPS Sample Event Message
play_arrow Apache HTTP Server
- Apache HTTP Server
- Configuring Apache HTTP Server with Syslog
- Syslog Log Source Parameters for Apache HTTP Server
- Configuring Apache HTTP Server with Syslog-ng
- Syslog Log Source Parameters for Apache HTTP Server
- Apache HTTP Server Sample Event Messages
play_arrow Apple Mac OS X
- Apple Mac OS X
- Apple Mac OS X DSM Specifications
- Syslog Log Source Parameters for Apple Mac OS X
- Configuring Syslog on Your Apple Mac OS X
- Sample Event Message
play_arrow Application Security DbProtect
- Application Security DbProtect
- Installing the DbProtect LEEF Relay Module
- Configuring the DbProtect LEEF Relay
- Configuring DbProtect Alerts
play_arrow Arbor Networks
- Arbor Networks
- Arbor Networks Peakflow SP
- Arbor Networks Pravail
play_arrow Arpeggio SIFT-IT
- Arpeggio SIFT-IT
- Configuring a SIFT-IT Agent
- Syslog Log Source Parameters for Arpeggio SIFT-IT
- Additional Information
play_arrow Array Networks SSL VPN
- Array Networks SSL VPN
- Syslog Log Source Parameters for Array Networks SSL VPN
play_arrow Aruba Networks
- Aruba Networks
- Aruba ClearPass Policy Manager
- Aruba Introspect
- Aruba Mobility Controllers
play_arrow Avaya VPN Gateway
- Avaya VPN Gateway
- Avaya VPN Gateway DSM Integration Process
- Configuring Your Avaya VPN Gateway System for Communication with JSA
- Syslog Log Source Parameters for Avaya VPN Gateway
- Avaya VPN Gateway Sample Event Messages
play_arrow BalaBit IT Security
- BalaBit IT Security
- BalaBIt IT Security for Microsoft Windows Events
- BalaBit IT Security for Microsoft ISA or TMG Events
play_arrow Barracuda
- Barracuda
- Barracuda Spam & Virus Firewall
- Barracuda Web Application Firewall
- Barracuda Web Filter
play_arrow BeyondTrust PowerBroker
- BeyondTrust PowerBroker
- Syslog Log Source Parameters for BeyondTrust PowerBroker
- TLS Syslog Log Source Parameters for BeyondTrust PowerBroker
- Configuring BeyondTrust PowerBroker to Communicate with JSA
- BeyondTrust PowerBroker DSM Specifications
- BeyondTrust PowerBroker Sample Event Messages
play_arrow BlueCat Networks Adonis
- BlueCat Networks Adonis
- Supported Event Types
- Event Type Format
- Configuring BlueCat Adonis
- Syslog Log Source Parameters for BlueCat Networks Adonis
play_arrow Blue Coat SG
- Blue Coat
- Blue Coat SG
- Creating a Custom Event Format for Blue Coat SG
- Creating a Log Facility
- Enabling Access Logging
- Configuring Blue Coat SG for FTP Uploads
- Syslog Log Source Parameters for Blue Coat SG
- Log File Log Source Parameters for Blue Coat SG
- Configuring Blue Coat SG for Syslog
- Creating Extra Custom Format Key-value Pairs
- Blue Coat SG Sample Event Messages
play_arrow Blue Coat Web Security Service
- Blue Coat Web Security Service
- Configuring Blue Coat Web Security Service to Communicate with JSA
- Sample Event Message
play_arrow Box
- Box
- Configuring Box to Communicate with JSA
- Box Sample Event Messages
play_arrow Bridgewater
- Bridgewater
- Configuring Syslog for Your Bridgewater Systems Device
- Syslog Log Source Parameters for Bridgewater Systems
play_arrow Broadcom
- Broadcom
- Broadcom CA ACF2
- Broadcom CA Top Secret
- Broadcom Symantec SiteMinder
play_arrow Brocade Fabric OS
- Brocade Fabric OS
- Configuring Syslog for Brocade Fabric OS Appliances
- Brocade Fabric OS Sample Event Messages
play_arrow Carbon Black
- Carbon Black
- Carbon Black Bit9 Parity
- Bit9 Security Platform
play_arrow Centrify
- Centrify
- Centrify Identity Platform
- Centrify Identity Platform DSM specifications
- Configuring Centrify Identity Platform to communicate with JSA
- Centrify Infrastructure Services
- Configuring WinCollect Agent to Collect Event Logs from Centrify Infrastructure Services
- Configuring Centrify Infrastructure Services on a UNIX or Linux Device to Communicate with JSA
play_arrow Check Point
- Check Point
- Integrate Check Point by using Syslog
- Integrate Check Point by using OPSEC
- Integrating Check Point by using TLS Syslog
- Integration of Check Point Firewall Events from External Syslog Forwarders
- Check Point Multi-Domain Management (Provider-1)
play_arrow Cilasoft QJRN/400
- Cilasoft QJRN/400
- Configuring Cilasoft QJRN/400
- Syslog Log Source Parameters for Cilasoft QJRN/400
play_arrow Cisco
- Cisco
- Cisco ACE Firewall
- Configuring Cisco Aironet to Forward Events
- Cisco ACS
- Cisco ASA
- Cisco AMP
- Cisco CallManager
- Cisco CatOS for Catalyst Switches
- Cisco Cloud Web Security
- Cisco CSA
- Cisco Firepower Management Center
- Cisco Firepower Threat Defense
- Cisco FWSM
- Cisco Identity Services Engine
- Cisco IDS/IPS
- Cisco IOS
- Cisco IronPort
- Cisco Meraki
- Cisco NAC
- Cisco Nexus
- Cisco Pix
- Cisco Stealthwatch
- Cisco Umbrella
- Cisco VPN 3000 Concentrator
- Cisco Wireless LAN Controllers
- Cisco Wireless Services Module
play_arrow Citrix
- Citrix
- Citrix Access Gateway
- Citrix NetScaler
play_arrow Cloudera Navigator
- Cloudera Navigator
- Configuring Cloudera Navigator to Communicate with JSA
play_arrow Cloudflare Logs
- Cloudflare Logs
- Cloudflare Logs DSM Specifications
- Configure Cloudflare to send Events to JSA when you use the HTTP Receiver Protocol
- Configuring Cloudflare Logs to Send Events to JSA when you use the Amazon S3 REST API Protocol
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- HTTP Receiver Log Source Parameters for Cloudflare Logs
- Amazon AWS S3 REST API Log Source Parameters for Cloudflare Logs
- Cloudflare Logs Sample Event Messages
play_arrow CloudPassage Halo
- CloudPassage Halo
- Configuring CloudPassage Halo for Communication with JSA
- Syslog Log Source Parameters for CloudPassage Halo
- Log File Log Source Parameters for CloudPassage Halo
play_arrow CloudLock Cloud Security Fabric
- CloudLock Cloud Security Fabric
- Configuring CloudLock Cloud Security Fabric to Communicate with JSA
play_arrow Correlog Agent for IBM Z/OS
- Correlog Agent for IBM Z/OS
- Configuring Your CorreLog Agent System for Communication with JSA
play_arrow CrowdStrike Falcon
- CrowdStrike Falcon
- CrowdStrike Falcon DSM Specifications
- Configuring CrowdStrike Falcon to Communicate with JSA
- Syslog Log Source Parameters for CrowdStrike Falcon
- CrowdStrike Falcon Host Sample Event Message
play_arrow CRYPTOCard CRYPTO-Shield
- CRYPTOCard CRYPTO-Shield
- Configuring Syslog for CRYPTOCard CRYPTO-Shield
- Syslog Log Source Parameters for CRYPTOCard CRYPTO-Shield
play_arrow CyberArk
- CyberArk
- CyberArk Privileged Threat Analytics
- CyberArk Vault
play_arrow CyberGuard Firewall/VPN Appliance
- CyberGuard Firewall/VPN Appliance
- Configuring Syslog Events
- Syslog Log Source Parameters for CyberGuard
play_arrow Damballa Failsafe
- Damballa Failsafe
- Configuring Syslog for Damballa Failsafe
- Syslog Log Source Parameters for Damballa Failsafe
play_arrow DG Technology MEAS
- DG Technology MEAS
- Configuring Your DG Technology MEAS System for Communication with JSA
play_arrow Digital China Networks (DCN)
- Digital China Networks (DCN)
- Configuring a DCN DCS/DCRS Series Switch
- Syslog Log Source Parameters for DCN DCS/DCRS Series Switches
play_arrow Enterprise-IT-Security.com SF-Sherlock
- Enterprise-IT-Security.com SF-Sherlock
- Configuring Enterprise-IT-Security.com SF-Sherlock to Communicate with JSA
play_arrow Epic SIEM
- Epic SIEM
- Configuring Epic SIEM 2014 to Communicate with JSA
- Configuring Epic SIEM 2015 to Communicate with JSA
- Configuring Epic SIEM 2017 to Communicate with JSA
play_arrow ESET Remote Administrator
- ESET Remote Administrator
- Configuring ESET Remote Administrator to Communicate with JSA
play_arrow Exabeam
- Exabeam
- Configuring Exabeam to Communicate with JSA
- Exabeam Sample Event Message
play_arrow Extreme
- Extreme
- Extreme 800-Series Switch
- Extreme Dragon
- Extreme HiGuard Wireless IPS
- Extreme HiPath Wireless Controller
- Extreme Matrix Router
- Extreme Matrix K/N/S Series Switch
- Extreme NetSight Automatic Security Manager
- Extreme NAC
- Configuring Extreme Stackable and Stand-alone Switches
- Extreme Networks ExtremeWare
- Extreme XSR Security Router
play_arrow F5 Networks
- F5 Networks
- F5 Networks BIG-IP AFM
- F5 Networks BIG-IP APM
- F5 Networks BIG-IP ASM
- F5 Networks BIG-IP LTM
- F5 Networks FirePass
play_arrow Fair Warning
- Fair Warning
- Log File Log Source Parameters for Fair Warning
- Fair Warning Sample Event Messages
play_arrow Fasoo Enterprise DRM
- Fasoo Enterprise DRM
- Configuring Fasoo Enterprise DRM to Communicate with JSA
play_arrow Fidelis XPS
- Fidelis XPS
- Configuring Fidelis XPS
- Syslog Log Source Parameters for Fidelis XPS
- Fidelis XPS Sample Event Messages
play_arrow FireEye
- FireEye
- Configuring Your FireEye System for Communication with JSA
- Configuring Your FireEye HX System for Communication with JSA
- Configuring a FireEye Log Source in JSA
- FireEye Sample Event Message
play_arrow Forcepoint
- Forcepoint
- Forcepoint Stonesoft Management Center
- Forcepoint Sidewinder
- Forcepoint TRITON
- Forcepoint V-Series Data Security Suite
- Forcepoint V-Series Content Gateway
play_arrow ForeScout CounterACT
- ForeScout CounterACT
- Syslog Log Source Parameters for ForeScout CounterACT
- Configuring the ForeScout CounterACT Plug-in
- Configuring ForeScout CounterACT Policies
- ForeScout CounterACT Sample Event Messages
play_arrow Fortinet FortiGate
- Fortinet FortiGate Security Gateway
- Configuring a Syslog Destination on Your Fortinet FortiGate Security Gateway Device
- Configuring a Syslog Destination on Your Fortinet FortiAnalyzer Device
- Fortinet FortiGate Security Gateway Sample Event Messages
- Configuring JSA to Categorize App Ctrl Events for Fortinet Fortigate Security Gateway
play_arrow Foundry FastIron
- Foundry FastIron
- Configuring Syslog for Foundry FastIron
- Syslog Log Source Parameters for Foundry FastIron
play_arrow FreeRADIUS
- FreeRADIUS
- Configuring Your FreeRADIUS Device to Communicate with JSA
play_arrow Generic
- Generic
- Generic authorization Server
- Generic firewall
play_arrow Google Cloud Audit Logs
- Google Cloud Audit Logs
- Google Cloud Audit Logs DSM Specifications
- Configuring Google Cloud Audit Logs to Communicate with JSA
- Google Cloud Pub/Sub Protocol Log Source parameters for Google Cloud Audit Logs
- Google Cloud Audit Logs Sample Event Messages
play_arrow Genua Genugate
- Genua Genugate
- Configuring Genua Genugate to Send Events to JSA
- Genua Genugate Sample Event Messages
play_arrow Google Cloud Platform Firewall
- Google Cloud Platform Firewall
- Google Cloud Platform Firewall DSM Specifications
- Configuring Google Cloud Platform Firewall to Communicate with JSA
- Google Cloud Pub/Sub Log Source Parameters for Google Cloud Platform Firewall
- Sample Event Message
play_arrow Google G Suite Activity Reports
- Google G Suite Activity Reports
- Google G Suite Activity Reports DSM Specifications
- Configuring Google G Suite Activity Reports to Communicate with JSA
- Assigning a Role to a User
- Creating a Service Account with Viewer Access
- Granting API Client Access to a Service Account
- Google G Suite Activity Reports Log Source Parameters
- Google G Suite Activity Reports Sample Event Messages
- Troubleshooting Google G Suite Activity Reports
play_arrow Great Bay Beacon
- Great Bay Beacon
- Configuring Syslog for Great Bay Beacon
- Syslog Log Source Parameters for Great Bay Beacon
play_arrow H3C Technologies
- H3C Technologies
- H3C Comware Platform
play_arrow HBGary Active Defense
- HBGary Active Defense
- Configuring HBGary Active Defense
- Syslog Log Source Parameters for HBGary Active Defense
play_arrow HCL BigFix (formerly known as IBM BigFix)
- HCL BigFix (formerly known as IBM BigFix)
play_arrow Honeycomb Lexicon File Integrity Monitor (FIM)
- Honeycomb Lexicon File Integrity Monitor (FIM)
- Supported Honeycomb FIM Event Types Logged by JSA
- Configuring the Lexicon Mesh Service
- Syslog Log Source Parameters for Honeycomb Lexicon File Integrity Monitor
play_arrow Hewlett Packard Enterprise
- Hewlett Packard Enterprise
- HPE Network Automation
- Configuring HPE Network Automation Software to Communicate with JSA
- HPE ProCurve
- HPE Tandem
- Hewlett Packard Enterprise UniX (HPE-UX)
play_arrow Huawei
- Huawei
- Huawei AR Series Router
- Huawei S Series Switch
play_arrow HyTrust CloudControl
- HyTrust CloudControl
- Configuring HyTrust CloudControl to Communicate with JSA
play_arrow IBM
- IBM
- IBM AIX DSMs
- IBMi
- IBM DB2
- IBM BigFix Detect
- IBM Cloud Platform (formerly known as IBM Bluemix Platform)
- IBM CICS
- IBM DataPower
- IBM DLC Metrics
- IBM Federated Directory Server
- IBM MaaS360 Security
- IBM Guardium
- IBM IMS
- IBM Informix Audit
- IBM Lotus Domino
- IBM Privileged Session Recorder
- IBM Proventia
- IBM RACF
- IBM SAN Volume Controller
- IBM Security Directory Server
- IBM Security Identity Governance
- IBM Security Network IPS (GX)
- IBM Network Security (XGS)
- IBM Security Trusteer
- IBM Security Trusteer Apex Advanced Malware Protection
- IBM Security Trusteer Apex Local Event Aggregator
- IBM Sense
- IBM SmartCloud Orchestrator
- IBM Tivoli Access Manager for E-business
- IBM Web Sphere Application Server
- IBM WebSphere DataPower
- IBM Z/OS
- IBM zSecure Alert
play_arrow ISC BIND
- ISC BIND
- ISC BIND DSM Specifications
- Syslog Log Source Parameters for ISC BIND
- ISC BIND Sample Event Message
play_arrow Illumio Adaptive Security Platform
- Illumio Adaptive Security Platform
- Configuring Illumio Adaptive Security Platform to Communicate with JSA
play_arrow Imperva Incapsula
- Imperva Incapsula
play_arrow Imperva SecureSphere
- Imperva SecureSphere
- Configuring an Alert Action for Imperva SecureSphere
- Configuring a System Event Action for Imperva SecureSphere
- Configuring Imperva SecureSphere V11.0 to V13 to Send Database Audit Records to JSA
play_arrow Infoblox NIOS
- Infoblox NIOS
- Infoblox NIOS DSM Specifications
- Infoblox NIOS Sample Event Message
play_arrow IT-CUBE AgileSI
- IT-CUBE AgileSI
- Configuring AgileSI to Forward Events
- SMB Tail Log Source Parameters for iT-CUBE AgileSI
play_arrow Itron Smart Meter
- Itron Smart Meter
play_arrow Juniper Networks
- Juniper Networks
- Juniper Networks AVT
- Juniper Networks DDoS Secure
- Juniper Networks DX Application Acceleration Platform
- Juniper Networks EX Series Ethernet Switch
- Juniper Networks IDP
- Juniper Networks Infranet Controller
- Juniper Networks Firewall and VPN
- Juniper Networks Junos OS
- Juniper Networks Network and Security Manager
- Juniper Networks Secure Access
- Juniper Networks Security Binary Log Collector
- Juniper Networks Steel-Belted Radius
- Juniper Networks VGW Virtual Gateway
- Juniper Networks Junos OS WebApp Secure
- Juniper Networks WLC Series Wireless LAN Controller
play_arrow Kaspersky
- Kaspersky
- Kaspersky CyberTrace
- Kaspersky Security Center
play_arrow Kisco Information Systems SafeNet/i
- Kisco Information Systems SafeNet/i
- Configuring Kisco Information Systems SafeNet/i to Communicate with JSA
play_arrow Kubernetes Auditing
- Kubernetes Auditing
- Kubernetes Auditing DSM Specifications
- Configuring Kubernetes Auditing to Communicate with JSA
- Kubernetes Auditing Log Source Parameters
- Kubernetes Auditing Sample Event Message
play_arrow Lastline Enterprise
- Lastline Enterprise
- Configuring Lastline Enterprise to Communicate with JSA
play_arrow Lieberman Random Password Manager
- Lieberman Random Password Manager
play_arrow LightCyber Magna
- LightCyber Magna
- Configuring LightCyber Magna to Communicate with JSA
play_arrow Linux
- Linux
- Linux DHCP Server
- Linux IPtables
- Linux OS
play_arrow LOGbinder
- LOGbinder
- LOGbinder EX Event Collection from Microsoft Exchange Server
- LOGbinder SP Event Collection from Microsoft SharePoint
- LOGbinder SQL Event Collection from Microsoft SQL Server
play_arrow McAfee
- McAfee
- JDBC Log Source Parameters for McAfee Application/ Change Control
- McAfee EPolicy Orchestrator
- McAfee MVISION Cloud (formerly known as Skyhigh Networks Cloud Security Platform)
- McAfee Network Security Platform (formerly known as McAfee Intrushield)
- McAfee Web Gateway
play_arrow MetaInfo MetaIP
- Syslog Log Source Parameters for MetaInfo MetaIP
play_arrow Microsoft
- Microsoft
- Microsoft 365 Defender
- Microsoft Azure Active Directory
- Microsoft Azure Platform
- Microsoft Azure Security Center
- Microsoft DHCP Server
- Microsoft DNS Debug
- Microsoft Endpoint Protection
- Microsoft Exchange Server
- Microsoft Hyper-V
- Microsoft IAS Server
- Microsoft IIS Server
- Microsoft ISA
- Microsoft Office 365
- Microsoft Office 365 Message Trace
- JDBC Log Source Parameters for Microsoft Operations Manager
- Microsoft SharePoint
- Microsoft SQL Server
- JDBC Log Source Parameters for Microsoft System Center Operations Manager
- Microsoft Windows Security Event Log
play_arrow Motorola Symbol AP
- Motorola Symbol AP
- Syslog Log Source Parameters for Motorola SymbolAP
- Configure Syslog Events for Motorola Symbol AP
play_arrow Name Value Pair
- Name Value Pair
play_arrow NCC Group DDoS Secure
- NCC Group DDoS Secure
- Configuring NCC Group DDoS Secure to Communicate with JSA
play_arrow NetApp Data ONTAP
- NetApp Data ONTAP
play_arrow Netgate pfSense
- Netgate pfSense
- Netgate pfSense DSM Specifications
- Configuring Netgate pfSense to Communicate with JSA
- Syslog Log Source Parameters for Netgate pfSense
- Sample Event Message
play_arrow Netskope Active
- Netskope Active
- Netskope Active REST API Log Source Parameters for Netskope Active
- Netskope Active Sample Event Message
play_arrow NGINX HTTP Server
- NGINX HTTP Server
- NGINX HTTP Server DSM Specifications
- NGINX HTTP Server Sample Event Message
play_arrow Niksun
- Niksun
play_arrow Nokia Firewall
- Nokia Firewall
- Integration with a Nokia Firewall by Using Syslog
- Integration with a Nokia Firewall by Using OPSEC
play_arrow Nominum Vantio
- Nominum Vantio
play_arrow Nortel Networks
- Nortel Networks
- Nortel Multiprotocol Router
- Nortel Application Switch
- Nortel Contivity
- Nortel Ethernet Routing Switch 2500/4500/5500
- Nortel Ethernet Routing Switch 8300/8600
- Nortel Secure Router
- Nortel Secure Network Access Switch
- Nortel Switched Firewall 5100
- Nortel Switched Firewall 6000
- Nortel Threat Protection System (TPS)
- Nortel VPN Gateway
play_arrow Novell EDirectory
- Novell EDirectory
- Configuring XDASv2 to Forward Events
- Loading the XDASv2 Module
- Loading the XDASv2 on a Linux Operating System
- Loading the XDASv2 on a Windows Operating System
- Configuring Event Auditing Using Novell IManager
- Configuring a Log Source
- Novell eDirectory Sample Event Message
play_arrow Observe IT JDBC
- Observe IT JDBC
play_arrow Okta
- Okta
play_arrow Onapsis Security Platform
- Onapsis Security Platform
- Configuring Onapsis Security Platform to Communicate with JSA
play_arrow OpenBSD
- OpenBSD
- Syslog Log Source Parameters for OpenBSD
- Configuring Syslog for OpenBSD
play_arrow Open LDAP
- Open LDAP
- UDP Multiline Syslog Log Source Parameters for Open LDAP
- Configuring IPtables for Multiline UDP Syslog Events
- Configuring Event Forwarding for Open LDAP
play_arrow Open Source SNORT
- Open Source SNORT
- Configuring Open Source SNORT
- Syslog Log Source Parameters for Open Source SNORT
play_arrow OpenStack
- OpenStack
- Configuring OpenStack to Communicate with JSA
play_arrow Oracle
- Oracle
- Oracle Acme Packet Session Border Controller
- Oracle Audit Vault
- Oracle BEA WebLogic
- Oracle RDBMS Audit Record
- Oracle DB Listener
- Oracle Directory Server overview
- Oracle Enterprise Manager
- Oracle Fine Grained Auditing
- Oracle RDBMS OS Audit Record
- osquery
play_arrow OSSEC
- OSSEC
- Configuring OSSEC
- Syslog Log Source Parameters for OSSEC
play_arrow Palo Alto Networks
- Palo Alto Networks
- Palo Alto Endpoint Security Manager
- Palo Alto Networks PA Series
play_arrow Pirean Access: One
- Pirean Access: One
- JDBC log source parameters for Pirean Access: One
play_arrow PostFix Mail Transfer Agent
- PostFix Mail Transfer Agent
- Configuring Syslog for PostFix Mail Transfer Agent
- UDP Multiline Syslog Log Source Parameters for PostFix MTA
- Configuring IPtables for Multiline UDP Syslog Events
- PostFix Mail Transfer Agent Sample Event Messages
play_arrow ProFTPd
- ProFTPd
- Configuring ProFTPd
- Syslog Log Source Parameters for ProFTPd
play_arrow Proofpoint Enterprise Protection and Enterprise Privacy
- Proofpoint Enterprise Protection and Enterprise Privacy
- Configuring Proofpoint Enterprise Protection and Enterprise Privacy DSM to Communicate with JSA
- Syslog Log Source Parameters for Proofpoint Enterprise Protection and Enterprise Privacy
play_arrow Pulse Secure
- Pulse Secure
play_arrow Pulse Secure Infranet Controller
- Pulse Secure Infranet Controller
play_arrow Pulse Secure Pulse Connect Secure
- Pulse Secure Pulse Connect Secure
- Configuring a Pulse Secure Pulse Connect Secure Device to Send WebTrends Enhanced Log File (WELF) Events to JSA
- Configuring a Pulse Secure Pulse Connect Secure Device to Send Syslog Events to JSA
- Pulse Secure Pulse Connect Secure Sample Event Message
play_arrow Radware
- Radware
- Radware AppWall
- Radware DefensePro
play_arrow Raz-Lee ISecurity
- Raz-Lee ISecurity
- Configuring Raz-Lee ISecurity to Communicate with JSA
- Syslog Log Source Parameters for Raz-Lee iSecurity
play_arrow Redback ASE
- Redback ASE
- Configuring Redback ASE
- Syslog Log Source Parameters for Redback ASE
play_arrow Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes DSM Specifications
- Configuring Red Hat Advanced Cluster Security for Kubernetes to Communicate with JSA
- HTTP Receiver Log Source Parameters for Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes Sample Event Messages
play_arrow Resolution1 CyberSecurity
- Resolution1 CyberSecurity
- Configuring Your Resolution1 CyberSecurity Device to Communicate with JSA
- Log File Log Source Parameters for Resolution1 CyberSecurity
play_arrow Riverbed
- Riverbed
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Audit
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Alert
play_arrow RSA Authentication Manager
- RSA Authentication Manager
- Configuration Of Syslog for RSA Authentication Manager 6.x, 7.x and 8.x
- Configuring Linux
- Configuring Windows
- Configuring the Log File Protocol for RSA Authentication Manager 6.x and 7.x
- Configuring RSA Authentication Manager 6.x
- Configuring RSA Authentication Manager 7.x
play_arrow SafeNet DataSecure
- SafeNet DataSecure
- Configuring SafeNet DataSecure to communicate with JSA
play_arrow Salesforce
- Salesforce
- Salesforce Security
- Salesforce Security Auditing
play_arrow Samhain Labs
- Samhain Labs
- Configuring Syslog to Collect Samhain Events
- JDBC Log Source Parameters for Samhain
play_arrow SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection DSM Specifications
- SAP Enterprise Threat Detection Alert API Log Source Parameters for SAP Enterprise Threat Detection
- Creating a Pattern Filter on the SAP Server
- Troubleshooting the SAP Enterprise Threat Detection Alert API
- SAP Enterprise Threat Detection Sample Event Message
play_arrow Seculert
- Seculert
- Obtaining an API Key
play_arrow Sentrigo Hedgehog
- Sentrigo Hedgehog
play_arrow SolarWinds Orion
- SolarWinds Orion
- Configuring SolarWinds Orion to Communicate with JSA
- SNMP Log Source Parameters for SolarWinds Orion
- Installing the Java Cryptography Extension on JSA
- Solar Winds Orion Sample Event Message
play_arrow SonicWALL
- SonicWALL
- Configuring SonicWALL to Forward Syslog Events
- Syslog Log Source Parameters for SonicWALL
- SonicWALL Sample Event Messages
play_arrow Sophos
- Sophos
- Sophos Enterprise Console
- Sophos PureMessage
- Sophos Astaro Security Gateway
- Sophos Web Security Appliance
play_arrow Sourcefire Intrusion Sensor
- Sourcefire Intrusion Sensor
- Configuring Sourcefire Intrusion Sensor
- Syslog Log Source Parameters for Sourcefire Intrusion Sensor
play_arrow Splunk
- Splunk
- Collecting Windows Events that are Forwarded from Splunk
- TCP Multiline Syslog Log Source Parameters for Splunk
play_arrow Squid Web Proxy
- Squid Web Proxy
- Configuring Syslog Forwarding
- Syslog Log Source Parameters for Squid Web Proxy
- Squid Web Proxy Sample Event Messages
play_arrow SSH CryptoAuditor
- SSH CryptoAuditor
- Configuring an SSH CryptoAuditor Appliance to Communicate with JSA
play_arrow Starent Networks
- Configuring Starent Networks Device to Forward Syslog Events to JSA
play_arrow STEALTHbits
- STEALTHbits
- STEALTHbits StealthINTERCEPT
- STEALTHbits StealthINTERCEPT Alerts
- STEALTHbits StealthINTERCEPT Analytics
play_arrow Sun
- Sun
- Sun ONE LDAP
- Sun Solaris Basic Security Mode (BSM)
- Sun Solaris DHCP
- Sun Solaris OS
- Sun Solaris Sendmail
play_arrow Suricata
- Suricata
- Suricata DSM Specifications
- Configuring Suricata to Communicate with JSA
- Syslog Log Source Parameters for Suricata
- TLS Syslog Log Source Parameters for Suricata
- Suricata Sample Event Message
play_arrow Sybase ASE
- Sybase ASE
- JDBC Log Source Parameters for Sybase ASE
play_arrow Symantec
- Symantec
- Symantec Critical System Protection
- Symantec Data Loss Prevention (DLP)
- Symantec Endpoint Protection
- Symantec Encryption Management Server
- Symantec SGS
- Symantec System Center
play_arrow SysFlow
- SysFlow
- SysFlow DSM Specifications
- Configuring SysFlow agent to communicate with JSA
- Syslog Log Source Parameters for SysFlow
- SysFlow Sample Event Message
play_arrow ThreatGRID Malware Threat Intelligence Platform
- ThreatGRID Malware Threat Intelligence Platform
- Supported Event Collection Protocols for ThreatGRID Malware Threat Intelligence
- ThreatGRID Malware Threat Intelligence Configuration Overview
play_arrow TippingPoint
- TippingPoint
- TippingPoint Intrusion Prevention System
- TippingPoint X505/X506 Device
play_arrow Top Layer IPS
- Top Layer IPS
play_arrow Townsend Security LogAgent
- Townsend Security LogAgent
- Configuring Raz-Lee ISecurity
- Syslog Log Source Parameters for Raz-Lee i Security
play_arrow Trend Micro
- Trend Micro
- Trend Micro Apex Central
- Trend Micro Apex One
- Trend Micro Control Manager
- Trend Micro Deep Discovery Analyzer
- Trend Micro Deep Discovery Director
- Trend Micro Deep Discovery Email Inspector
- Trend Micro Deep Discovery Inspector
- Trend Micro Deep Security
play_arrow Tripwire
- Tripwire
play_arrow Tropos Control
- Tropos Control
play_arrow Universal CEF
- Universal CEF
play_arrow Universal LEEF
- Universal LEEF
play_arrow Vectra Networks Vectra
- Vectra Networks Vectra
- Configuring Vectra Networks Vectra to Communicate with JSA
- Vectra Networks Vectra Sample Event Messages
play_arrow Venustech Venusense
- Venustech Venusense
- Venusense Configuration Overview
- Configuring a Venusense Syslog Server
- Configuring Venusense Event Filtering
- Syslog Log Source Parameters for Venustech Venusense
play_arrow Verdasys Digital Guardian
- Verdasys Digital Guardian
- Configuring IPtables
- Configuring a Data Export
- Syslog Log Source Parameters for Verdasys Digital Guardian
play_arrow Vericept Content 360 DSM
- Vericept Content 360 DSM
play_arrow VMware
- VMware
- VMware AppDefense
- VMware Carbon Black App Control (formerly known as Carbon Black Protection)
- VMware ESX and ESXi
- VMware VCenter
- VMware VCloud Director
- VMware VShield
play_arrow Vormetric Data Security
- Vormetric Data Security
- Vormetric Data Security DSM Integration Process
- Configuring Your Vormetric Data Security Systems for Communication with JSA
- Configuring Vormetric Data Firewall FS Agents to Bypass Vormetric Data Security Manager
- Syslog Log Source Parameters for Vormetric Data Security
play_arrow WatchGuard Fireware OS
- WatchGuard Fireware OS
- Configuring Your WatchGuard Fireware OS Appliance in Policy Manager for Communication with JSA
- Configuring Your WatchGuard Fireware OS Appliance in Fireware XTM for Communication with JSA
- Syslog Log Source Parameters for WatchGuard Fireware OS
play_arrow Websense
- Websense
play_arrow Zscaler Nanolog Streaming Service
- Zscaler Nanolog Streaming Service
- Zscaler NSS DSM Specifications
- Syslog Log Source Parameters for Zscaler NSS
- Zscaler NSS Sample Event Message
play_arrow Zscaler Private Access
- Zscaler Private Access
- Zscaler Private Access DSM Specifications
- Configuring Zscaler Private Access to Send Events to JSA
- Syslog Log Source Parameters for Zscaler Private Access
- Zscaler Private Access Sample Event Messages
play_arrow JSA Supported DSMs
- JSA Supported DSMs

list Table of Contents

English

IBM Security Trusteer Apex Advanced Malware Protection

date_range 27-Mar-21

arrow_backward

arrow_forward

The IBM Security Trusteer Apex Advanced Malware Protection DSM collects event data from a Trusteer Apex Advanced Malware Protection system to JSA.

JSA can collect the following items from the Trusteer Apex Advanced Malware Protection system:

Syslog events
Log files (from an intermediary server that hosts flat feed files from the system.)
Syslog events through SSL/TLS authentication

The following table lists the specifications for the IBM Security Trusteer Apex Advanced Malware Protection DSM:

Table 1: IBM Security Trusteer ApexAdvanced Malware Protection DSM Specifications
Specification	Value
Manufacturer	IBM
DSM name	IBM Security Trusteer Apex Advanced Malware Protection
RPM file name	DSM-TrusteerApex-`JSA_version-build_number`.noarch.rpm
Supported versions	Syslog/LEEF event collection: Apex Local Manager 2.0.45 LEEF: `ver_1303.1` Flat File Feed: v1, v3, and v4
Protocol	Syslog Log File TLS Syslog
Recorded event types	Malware Detection Exploit Detection Data Exfiltration Detection Lockdown for Java Event File Inspection Event Apex Stopped Event Apex Uninstalled Event Policy Changed Event ASLR Violation Event ASLR Enforcement Event Password Protection Event
Automatically discovered?	Yes
Includes identity?	No
Includes custom properties?	No
More information	IBM Security Trusteer Apex Advanced Malware Protection website

To configure IBM Security Trusteer Apex Advanced Malware Protection event collection, complete the following steps:

If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA console:
- DSMCommon RPM
- Log File Protocol RPM
- TLS Syslog Protocol RPM
- IBM Security Trusteer Apex Advanced Malware Protection DSM RPM
Choose one of the following options:
- To send syslog events to JSA, see "Configuring IBM Security Trusteer Apex Advanced Malware Protection to send syslog events to JSA".
- To collect log files from IBM Security Trusteer Apex Advanced Malware Protection through an intermediary server, see "Configuring a Flat File Feed service". For JSA to retrieve log files from IBM Security Trusteer Apex Advanced Malware Protection, you must set up a flat file feed service on an intermediary SFTP-enabled server. The service enables the intermediary server to host the flat files that it receives from IBM Security Trusteer Apex Advanced Malware Protection and allows for connections from external devices so that JSA can retrieve the log files.

If JSA does not automatically discover the log source, add an IBM Security Trusteer Apex Advanced Malware Protection log source on the JSA console.

The following table describes the parameters that require specific values for IBM Security Trusteer Apex Advanced Malware Protection syslog event collection:

Table 2: IBM Security Trusteer Apex Advanced Malware Protection Log Source Parameters for Syslog
Parameter	Value
Log Source type	IBM Security Trusteer Apex Advanced Malware Protection
Protocol Configuration	Syslog
Log Source Identifier	The IP address or host name from the syslog header. If the syslog header does not contain an IP address or a host name, use the packet IP address.
TLS Listen Port	The default port is 6514.
Authentication Mode	TLS
Certificate Type	Select the Provide Certificate option from the list.
Maximum Connections	The Maximum Connections parameter controls how many simultaneous connections the TLS Syslog protocol can accept for each Event Collector. For each Event Collector, there is a limit of 1000 connections across all TLS syslog log source configurations. The default for each device connection is 50. Note: Automatically discovered log sources that share a listener with another log source count only one time towards the limit. For example, the same port on the same event collector.
TLS Protocols	Select the version of TLS installed on the client from the drop down list.
Provided Server Certificate Path	Absolute path of server certificate. For example, /opt/qradar/conf/trusted_certificates/apex-almtls. cert
Provided Private Key Path	Absolute path of PKCS#8 private key. For example, /etc/pki/tls/private/apex-alm-tls.pk8

Note:

When you use the TLS syslog, and you want to use an FQDN to access the system, you must generate your own certificate for the listener, and then specify it in the TLS syslog configuration.

The following table describes the parameters that require specific values for IBM Security Trusteer Apex Advanced Malware Protection TLS syslog event collection:

Table 3: IBM Security Trusteer Apex Advanced Malware Protection Log Source Parameters for TLS Syslog protocol
Parameter	Value
Log Source type	IBM Security Trusteer Apex Advanced Malware Protection
Protocol Configuration	TLS Syslog
Log Source Identifier	The IP address or host name from in syslog header. If the syslog header does not contain an IP address or host name, use the packet IP address.
TLS Listen Port	The default port is 6514.
Authentication Mode	TLS
Authentication Mode	Select the Provide Certificate option from the list.
Maximum Connections	The Maximum Connections parameter controls how many simultaneous connections the TLS Syslog protocol can accept for each Event Collector. For each Event Collector, there is a limit of 1000 connections across all TLS syslog log source configurations. The default for each device connection is 50. Note: Automatically discovered log sources that share a listener with another log source count only one time towards the limit. For example, the same port on the same event collector.
TLS Protocols	Select the version of TLS installed on the client from the drop down list.
Provided Server Certificate Path	Absolute path of server certificate For example /opt/qradar/conf/trusted_certificates/apex-almtls. cert.
Provided Private Key Path	Absolute path of PKCS#8 private key. For example /etc/pki/tls/private/apex-alm-tls.pk8

Note:

When you use the TLS syslog, and you want to use an FQDN to access the system, you must generate your own certificate for the listener, and then specify it in the TLS syslog configuration

The following table describes the parameters that require specific values for IBM Security Trusteer Apex Advanced Malware Protection Log File collection:

Table 4: IBM Security Trusteer Apex Advanced Malware Protection Log Source Parameters for Log File Protocol
Parameter	Value
Log Source Type	IBM Security Trusteer Apex Advanced Malware Protection
Protocol Configuration	Log File
Log Source Identifier	The IP address or host name of the server that hosts the flat file feed.
Service Type	SFTP
Remote IP or Hostname	The IP address or host name of the server that hosts the flat file feed.
Remote Port	`22`
Remote User	The user name that you created for JSA on the server that hosts the flat file feed.
SSH Key File	If you use a password, you can leave this field blank.
Remote Directory	The log file directory where the flat feed files are stored.
Recursive	Do not select this option.
FTP File Pattern	`"trusteer_feeds_.?_[0-9]{8}_[0-9]?\.csv"`
Start Time	The time that you want your log file protocol to start log file collection.
Recurrence	The polling interval for log file retrieval.
Run On Save	Must be enabled.
Processor	None
Ignore Previously Processed Files	Must be enabled.
Event Generator	LINEBYLINE
File Encoding	UTF-8

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send Syslog Events to JSA

Configure IBM Security Trusteer Apex Advanced Malware Protection to send syslog events to JSA.

Install an Apex Local Manager on your Trusteer Management Application (TMA).

For more information about configuring your IBM Security Trusteer Apex Advanced Malware Protection to communicate with JSA, use the following documentation from the Juniper Networks Knowledge Center:

IBM Security Trusteer Apex Advanced Malware Protection Local Manager - Hybrid Solution Reference Guide
IBM Security Trusteer Apex Advanced Malware Protection Feeds Reference Guide

SSL/TLS authentication is not supported.

Log in to Trusteer Management Application (TMA).
Select Apex Local Manager & SIEM Settings.
If the Apex Local Manager wizard does not automatically display, click Add.
Type the name of the Apex Local Manager.
Check the Enable box and click Next.
Type the server settings for JSA and click Next.
If you use a separate syslog server for the Apex Local Manager system events, type the settings.
Click Finish.

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send TLS Syslog Events to JSA

You can configure IBM Security Trusteer Apex Advanced Malware Protection to send syslog events through secure socket layer (SSL) or transport layer security (TLS) to JSA.

Complete the following steps to establish a secure channel for transmitting logs between Apex Trusteer and JSA:

Create TLS/SSL Server Certificates and private key.
Create Client Authentication certificates in a PKCS#12 container for Apex Local Manager.
Configure the JSA log source for IBM Security Trusteer Apex Advanced Malware Protection.
Configure the Apex Local Manager(ALM).

Creating a TLS/SSL Server Certificate and Private Key
Creating Client Authentication Certificates and Keys for Apex Local Manager
Configuring the Apex Local Manager
Configuring the ALM Instance

Creating a TLS/SSL Server Certificate and Private Key

To establish a communication between JSA and Apex Local Manager (ALM) by using TLS encryption, you must create a self-signed certificate with public and private key pairs.

Log in to JSA as a root user by using SSH.
Create a self-signed certificate. For example,

openssl req -new -x509 -newkey rsa:2048 -days 3650 -sha512 -nodes -x509 -subj "/C=US/ST=Georiga/L=Atlanta/O=IBM/OU=IBM Security/CN=JSA FQDN or ip address" -keyout apex-alm-tls.key -out apex-alm-tls.cert
Convert the private key to the required DER encode PKCS#8 format:

openssl pkcs8 -topk8 -inform PEM -outform DER -in apex-alm-tls.key -out apex-alm-tls.pk8 -nocrypt
Note:
- Use a unique filename if a certificate needs to be changed or updated.
- Put the certificate file in /opt/qradar/conf/trusted_certificates.
- Do not place the PKCS#8 formatted key file in /opt/qradar/conf/trusted_certificates.

Creating Client Authentication Certificates and Keys for Apex Local Manager

Configuring an ALM for TLS Syslog authentication requires a PKCS#12 file that contains the certificate and private key.

Create a self-signed certificate and private key. For example,

openssl req -new -x509 -newkey rsa:2048 -days 3650 -sha512 -nodes -x509 -subj "/C=US/ST=Georiga/L=Atlanta/O=IBM/OU=IBM Security/CN=ALM FQDN or IP Address" -keyout alm-client-syslog-tls.key -out alm-client-syslog-tls.cert
Create the PKCS#12 container:

openssl pkcs12 -export -inkey alm-client-syslog-tls.key -in alm-client-syslog-tls.cert -out alm-client-syslog-tls.p12 -name "alm-client-syslog-tls"

Note:
Make note of the password that you entered. The password is required when you configure the Apex Local Manager.

Configuring the Apex Local Manager

Configure the Apex Local Manager through a customer-assigned Apex Trusteer Management Application (TMA) original server.

Log in to the Apex TMA.
From the left navigation menu, click the Administration accordion to expand the options available.
Click the Apex Local Manager & SIEM Settings.
Click Add and complete the following steps:
1. Select the option to enable this Apex Local Manager.
2. Enter a unique name.
Click Next.

From the SIEM/Syslog Server Settings page, provide a value for the following parameters:

Table 5: Apex Local Manager SIEM/Syslog Server Setting Parameters
Parameter	Description
Type	JSA SIEM (LEEF)
Hostname	`<fqdn of the JSA appliance>`
Port	Default is 6514.
Protocol	TCP with SSL/TLS
PKCS#12 Upload File	Upload the local PKCS#12 file
Encryption Password	The password that was entered during the creation of the client authentication certificates for Apex Local Manager.
CA Certificate Upload File	Upload local certifcate file. For example, apex-alm-tls.cert

Click Next.

From the System Events Setting page, provide a value for the following parameters:

Table 6: System Events Setting Parameters
Parameter	Description
Hostname	`<JSA FQDN or IP Address>`
Port	Default is 6514
Protocol	Syslog with SSL/TLS
PKCS#12 Upload File	Upload the local PKCS#12 file. For example, alm-client-syslog.tls.p12
Encryption Password	The password that was entered during the creation of the client authentication certificates for Apex Local Manager.
CA Certificate Upload File	Upload local certifcate file. For example, apex-alm-tls.cert

Click Finish to save the configuration.
Select the new entry.
Copy the Provisioning key.

Configuring the ALM Instance

Configure the ALM instance by using the provisioning key copied from the Apex Local Manager.

Log in to the Apex Local Manager at:

https://ipaddress:8443
From the General Settings page, paste the provisioning key into the field and click the Synchronize Settings.

Note:
A message will be displayed that states that the settings synchronized successfully.
Click the Test Connection to send test event to JSA and validate the connection.

Configuring a Flat File Feed Service

For JSA to retrieve log files from IBM Security Trusteer Apex Advanced Malware Protection, you must set up a flat file feed service on an intermediary SFTP-enabled server. The service enables the intermediary server to host the flat files that it receives from IBM Security Trusteer Apex Advanced Malware Protection and allows for connections from external devices so that JSA can retrieve the log files.

To configure IBM Security Trusteer Apex Advanced Malware Protection to send flat file feed to the intermediary server, contact IBM Trusteer support.

Flat File Feeds use a CSV format. Each feed item is written to the file on a separate line, which contains several comma-separated fields. Each field contains data that describes the feed item. The first field in each feed line contains the feed type.

Enable an SFTP-enabled server and ensure that external devices can reach it.
Log on to the SFTP-enabled server.
Create a user account on the server for IBM Security Trusteer Apex Advanced Malware Protection.
Create a user account for JSA.
Enable SSH key-based authentication.

After you set up the intermediary server, record the following details:

Target SFTP server name and IP addresses
SFTP server port (standard port is 22)
The file path for the target directory
SFTP user name if SSH authentication is not configured
Upload frequency (from 1 minute to 24 hours)
SSH public key in RSA format

IBM Trusteer support uses the intermediary server details when they configure IBM Security Trusteer Apex Advanced Malware Protection to send flat feel files.

arrow_backward PREVIOUS IBM Security Trusteer

NEXT arrow_forward IBM Security Trusteer Apex Local Event Aggregator

Juniper Secure Analytics Configuring DSMs Guide

ON THIS PAGE

IBM Security Trusteer Apex Advanced Malware Protection

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send Syslog Events to JSA

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send TLS Syslog Events to JSA

Creating a TLS/SSL Server Certificate and Private Key

Creating Client Authentication Certificates and Keys for Apex Local Manager

Configuring the Apex Local Manager

Configuring the ALM Instance

Configuring a Flat File Feed Service

Stay in touch

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry

Juniper Secure Analytics Configuring DSMs Guide

ON THIS PAGE

IBM Security Trusteer Apex Advanced Malware Protection

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send Syslog Events to JSA

Configuring IBM Security Trusteer Apex Advanced Malware Protection to Send TLS Syslog Events to JSA

Creating a TLS/SSL Server Certificate and Private Key

Creating Client Authentication Certificates and Keys for Apex Local Manager

Configuring the Apex Local Manager

Configuring the ALM Instance

Configuring a Flat File Feed Service

Related Documentation

Stay in touch