Illumio Adaptive Security Platform

The JSA DSM for Illumio Adaptive Security Platform collects events from the Illumio Policy Compute Engine (PCE).

The following table describes the specifications for the Illumio Adaptive Security Platform DSM:

Table 1: Illumio Adaptive Security Platform DSM Specifications
Specification	Value
Manufacturer	Illumio
DSM name	Illumio Adaptive Security Platform
RPM file name	DSM-Illumio AdaptiveSecurity Platform-`JSA_version-build_number` .noarch.rpm
Supported versions	N/A
Protocol	Syslog
Event format	Log Event Extended Format (LEEF)
Recorded event types	Audit Traffic
Automatically discovered?	Yes
Includes identity?	No
Includes custom properties?	No
More information	Illumio website (https://www.illumio.com)

To integrate Illumio Adaptive Security Platform with JSA, complete the following steps:

If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads, in the order that they are listed, on your JSA console:
- DSMCommon RPM
- Illumio Adaptive Security Platform DSM RPM
Configure your Illumio PCE to send syslog events to JSA.

If JSA does not automatically detect the log source, add an Illumio Adaptive Security Platform log source on the JSA console. The following table describes the parameters that require specific values for Illumio Adaptive Security Platform event collection:

Table 2: Illumio Adaptive Security Platform Log Source Parameters
Parameter	Value
Log Source type	Illumio Adaptive Security Platform
Protocol Configuration	Syslog
Log Source Identifier	A unique identifier for the log source.

To verify that JSA is configured correctly, review the following table to see an example of a parsed event message.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

The following table shows a sample event message from Illumio Adaptive Security Platform:

Table 3: Illumio Adaptive Security Platform Sample Message
Event name	Low level category	Sample log message
flow_allowed	Firewall Permit	<14>1 2016-08-08T22:18:24.000+00:00 hostname1 illumio_pce/collector 5458 - - sec=694704.253 sev=INFO pid=5458 tid=14554040 rid=0 LEEF:2.0\|Illumio \|PCE\|16.6.0\|flow_allowed\|cat=flow _summary devTime=2016-08-08T15 :20:55-07:00 devTimeFormat= yyyy-MM-dd'T'HH:mm:ssX proto=udp sev=1 src=<Source_IP_address> dst=<Destin ation_IP_address> dstPort=14000 srcBytes=0 dstBytes=15936 count=1 dir=I hostname= hostname2 intervalSec=3180 state=T workloadUUID=xxxxxxxx-xxxx -xxxx-xxxx-xxxxxxxxxxxx

Table 3: Illumio Adaptive Security Platform Sample Message

Event name

Low level category

Sample log message

flow_allowed

Firewall Permit

<14>1 2016-08-08T22:18:24.000+00:00
hostname1
illumio_pce/collector 5458 - -
sec=694704.253 sev=INFO pid=5458
tid=14554040 rid=0 LEEF:2.0|Illumio
|PCE|16.6.0|flow_allowed|cat=flow
_summary devTime=2016-08-08T15
:20:55-07:00 devTimeFormat=
yyyy-MM-dd'T'HH:mm:ssX
proto=udp sev=1
src=<Source_IP_address> dst=<Destin
ation_IP_address> dstPort=14000
srcBytes=0 dstBytes=15936
count=1 dir=I hostname=
hostname2 intervalSec=3180
state=T workloadUUID=xxxxxxxx-xxxx
-xxxx-xxxx-xxxxxxxxxxxx