2016 SIEM Content and Parsing Updates
- Kerrie Bond
Table of Contents

SIEM Data Sources: January 21, 2016; February 10, 2016; February 16, 2016; February 26, 2016; March 25, 2016; June 2, 2016; June 8, 2016; July 19, 2016; August 04, 2016; August 11, 2016; August 15, 2016; September 1, 2016; September 2, 2016; September 26, 2016; October 12, 2016; October 13, 2016; November 7, 2016; November 10, 2016; November 11, 2016; December 2, 2016

SIEM Custom Types: October 13, 2016; October 25, 2016

SIEM Parsing Rules: January 8, 2015; January 12, 2016; January 13, 2016; January 21, 2016; January 22, 2016; January 25, 2016; January 29, 2016; January 29, 2016; February 4, 2016; February 8, 2016; February 10, 2016; February 11, 2016; February 16, 2016; February 17, 2016; February 19, 2016; February 23, 2016; February 24, 2016; February 25, 2016; February 26, 2016; February 29, 2016; March 2, 2016; March 3, 2016; March 7, 2016; March 8, 2016; March 9, 2016; March 11, 2016; March 14, 2016; March 16, 2016; March 17, 2016; March 18, 2016; March 21, 2016; March 24, 2016; March 25, 2016; March 29, 2016; March 30, 2016; March 31, 2016; April 01, 2016; April 04, 2016; April 07, 2016; April 08, 2016; April 21, ; April 26, 2016; May 3, 2016; May 5, 2016; May 5, 2016; May 9, 2016; May 11, 2016; May 16, 2016; May 18, 2016; May 23, 2016; May 24, 2016; May 25, 2016; May 26, 2016; May 27, 2016; June 2, 2016; June 06, 2016; June 08, 2016; June 13, 2016; June 15, 2016; June 17, 2016; June 20, 2016; June 23, 2016; June 28, 2016; June 30, 2016; July 07, 2016; July 08, 2016; July 11, 2016; July 12, 2016; July 13, 2016; July 15, 2016; July 19, 2016; July 22, 2016; July 25, 2016; August 02, 2016; August 04, 2016; August 11, 2016; August 15, 2016; August 22, 2016; August 24, 2016; September 1, 2016; September 2, 2016; September 15, 2016; September 19, 2016; September 23, 2016; September 26, 2016; October 5, 2016; October 12, 2016; October 13, 2016; October 25, 2016; October 28, 2016; November 2, 2016; November 7, 2016; November 9, 2016; November 10, 2016; November 11, 2016; December 2, 2016; December 5, 2016; December 14, 2016; December 15, 2016; December 16, 2016

Content Packs: February 3, 2016; February 4, 2016; February 18, 2016; April 13, 2016; April 18, 2016; May 20, 2016; May 31, 2016; June 2, 2016; July 12, 2016; August 9, 2016; September 15, 2016; September 27, 2016; September 30, ; November 2, 2016

IPS Rules: January 12, 2016; January 14, 2016; January 15, 2016; February 9, 2016; March 8, 2016; March 17, 2016; March 23, 2016; April 13, 2016; May 20,
SIEM Data Sources

January 21, 2016
New Data Source
Vendor: SSH Communications Security; Product: CryptoAuditor; Collector: Syslog; Device ID: 554; Version: ESM and above

February 10, 2016
New Data Source
Vendor: IBM; Product: ISS SiteProtector - LEEF; Collector: Syslog; Device ID: 555; Version: ESM and above
Notes: Parses LEEF formatted events received over syslog.

February 16, 2016
New Data Source
Product: Internet Authentication Service - Database Compatible Format; Collector: File Pull / Syslog; Device ID: 556; Version: ESM and above
Notes: Parses database-compatible formatted log files. Parsed events use signature IDs associated with data source ID 407.

February 26, 2016
Modified Data Source
Vendor: Oracle; Product: Oracle Audit - SQL Pull (ASP); Collector: SQL; Device ID: 470; Version: ESM and above
Notes: Updated to support pulling Audit events from Oracle 12c.
New Data Source
Vendor: Prevoty; Product: Prevoty; Collector: Syslog; Device ID: 557; Version: ESM and above
Notes: Syslog support requires the use of Log4j on Prevoty.

March 25, 2016
New Data Source
Vendor: Wurldtech; Product: OpShield; Collector: Syslog; Device ID: 558; Version: ESM and above

June 2, 2016
New Data Source
Vendor: Interset; Product: Interset; Collector: Syslog; Device ID: 560; Version: ESM and above
Notes: Requires Interset version 4.1 or greater.

June 8, 2016
New Data Source
Vendor: Globalscape; Product: Globalscape EFT; Collector: MEF; Device ID: 561; Version: ESM and above
New Data Source
Vendor: Blue Coat; Product: Reporter; Collector: File; Device ID: 562; Version: ESM and above
Notes: Added support for Blue Coat Reporter Cloud Access logs.

July 19, 2016
New Data Source
Vendor: PhishMe; Product: PhishMe Intelligence; Collector: Syslog; Device ID: 563; Version: ESM and above

August 04, 2016
New Data Source
Vendor: Malwarebytes; Product: Breach Remediation; Collector: Syslog; Device ID: 564; Version: ESM and above
Notes: CEF format is supported.

August 11, 2016
New Data Source
Vendor: Malwarebytes; Product: Management Console; Collector: Syslog; Device ID: 565; Version: ESM and above
Notes: Management Console version 1.7, part of Malwarebytes Enterprise Endpoint Security, sends security events generated by Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit running on managed endpoints. CEF formatted syslog is supported by ESM.

August 15, 2016
New Data Sources
Vendor: CyberArk; Product: Privileged Threat Analytics; Collector: Syslog; Device ID: 566; Version: ESM and above
Notes: CEF format is supported from PTA version 3.1.

September 1, 2016
New Data Sources
Vendor: Skyhigh Networks; Product: Cloud Security Platform; Collector: Syslog; Device ID: 567; Version: ESM and above
Notes: Requires Skyhigh Enterprise Connector. CEF format is supported. Skyhigh version 2.2 and above is supported by ESM.
Vendor: Niara; Product: Niara; Collector: Syslog; Device ID: 568; Version: ESM and above
Notes: Niara version 1.5 and above is supported by ESM.
Vendor: TrapX Security; Product: DeceptionGrid; Collector: Syslog; Device ID: 569; Version: ESM and above

September 2, 2016
New Data Sources
Vendor: Attivo Networks; Product: BOTsink; Collector: Syslog; Device ID: 570; Version: ESM and above
Notes: Requires BOTsink version 3.3 or above.
Vendor: PhishMe; Product: PhishMe Triage; Collector: Syslog; Device ID: 571; Version: ESM and above

September 26, 2016
Updated Data Sources
Product: ePolicy Orchestrator (SiteAdvisor); Collector: SQL; Device ID: 357; Version: ESM and above
Notes: The SQL configuration was updated to report the HostName and HostIP fields belonging to the host running the SiteAdvisor client.

October 12, 2016
New Data Sources
Vendor: Fortscale; Product: Fortscale UEBA; Collector: Syslog; Device ID: 572; Version: ESM and above

October 13, 2016
New Data Source
Vendor: ThreatConnect; Product: ThreatConnect Threat Intelligence Platform; Collector: Syslog; Device ID: 573; Version: ESM and above

November 7, 2016
New Data Sources
Product: Endpoint Security Platform (ePO); Collector: SQL; Device ID: 574; Version: ESM and above
Notes: Data source coupled with ePO.
Product: Endpoint Security Firewall (ePO); Collector: SQL; Device ID: 575; Version: ESM and above
Notes: Data source coupled with ePO.
Product: Endpoint Security Threat Prevention (ePO); Collector: SQL; Device ID: 576; Version: ESM and above
Notes: Data source coupled with ePO.
Product: Endpoint Security Web Control (ePO); Collector: SQL; Device ID: 577; Version: ESM and above
Notes: Data source coupled with ePO.

November 10, 2016
Updated Data Sources
Vendor: Oracle; Product: Oracle Audit - SQL Pull (ASP); Collector: SQL; Device ID: 470; Version: ESM and above
Notes: The SQL configuration was updated to pull Unified Audit events from version 12c when mixed mode reporting is disabled and Unified Auditing is specifically enabled.

November 11, 2016
Updated Data Sources
Product: ePolicy Orchestrator (HIPS); Collector: SQL; Device ID: 357; Version: ESM and above
Notes: The SQL configuration was updated to collect the Local Port and Remote Port fields from the HIPS tables in ePO.

December 2, 2016
Updated Data Sources
Vendor: Symantec; Product: Critical System Protection - SQL Pull (ASP); Collector: SQL; Device ID: 103; Version: ESM and above
Notes: The SQL configuration was updated to collect events from newer versions of Data Center Security, including version 6.7. The data source name was also updated to Data Center Security (CSP) - SQL Pull.
SIEM Custom Types

October 13, 2016
New Custom Types
Field Name: Device_Confidence; Data Type: Unsigned Integer; Event Field: 24; Indexed: Yes; ESM Version: and above

October 25, 2016
New Custom Types
Field Name: Total_Bytes; Data Type: Accumulator; Event Field: 3; Indexed: Yes; ESM Version: and above
SIEM Parsing Rules

January 8, 2015
Data Source: Advanced Threat Defense
Parsing rules , , and were updated to map the Object GUID and Correlation ID from the log to the Object_GUID and Instance_GUID fields in the ESM.

Data Source: Advanced Threat Defense
Data source rules , , , , , and were added to the Advanced Threat Defense rule set.

January 12, 2016
Vendor: Juniper Networks; Data Source: JUNOS Router (ASP)
Parsing rules and were added to the JUNOS Router (ASP) rule set.

Data Source: Windows Event Log - WMI; Affected Versions: ESM and above
Parsing rules , , , , , , , , , , , , , , and were added to the Windows Event Log - WMI rule set.

January 13, 2016
Vendor: Vormetric; Data Source: Data Security (ASP)
Parsing rule was updated to map key to Registry_Key and faked usernames to User_Nickname. Normalization was also updated.

Data Source: Windows Event Log - WMI
Parsing rule was added to the Windows Event Log - WMI rule set to parse events from the Vasco Identikey authentication server.

January 21, 2016
Data Source: Microsoft Event Log - WMI
Parsing rule was updated to map the filename to the Filename field in the ESM.

Vendor: Fortinet; Data Source: FortiGate UTM
Parsing rules and were updated to include edit in the action map.

Data Source: IOS IPS (SDEE protocol); Affected Versions: ESM and above
Parsing rule was updated to map the CVE reference from the log to the Vulnerability_References field in the ESM.

Vendor: SSH Communications Security; Data Source: CryptoAuditor
Parsing rule was added to the CryptoAuditor rule set.
January 22, 2016
Data Source: Network Security Manager (ASP); Affected Versions: ESM and above
Data source rule messages were updated to reflect changes made by the McAfee NSM.

January 25, 2016
Data Source: Windows Event Log - WMI; Affected Versions: ESM and above
Parsing rule was added to the Windows Event Log - WMI rule set to parse event 1085 from the Microsoft-Windows-GroupPolicy source.

Data Source: Forefront Threat Management Gateway / ISA Server - W3C (ASP)
Parsing rule was updated to account for optional ports at the end of source and destination IPs. Denied was added to the action map, which maps the action from the log to the Event Subtype field in the ESM.

January 29, 2016
Data Source: Meraki
Parsing rules through were added to the Meraki rule set.

January 29, 2016
Data Source: Windows Event Log - WMI
Parsing rules , , , , , , , and were updated to parse and capture the service name into the ESM field Service_Name, where they previously parsed it into Application. The rules also parse the following additional data from the logs: error code into the ESM field Status, event count into the ESM field Count, device action into the ESM field Device_Action, and time for corrective actions into the ESM field Response_Time.

Vendor: F5 Networks; Data Source: BIG-IP Application Security Manager (ASP)
Parsing rules , , , and were updated to parse the PID from the logs.

Vendor: F5 Networks; Data Source: BIG-IP Local Traffic Manager - LTM (ASP)
Parsing rules , , , , , and were updated to parse the PID from the logs into the ESM field PID. Rule was also updated to capture the instance GUID from the logs into the ESM field instance_guid for ESM versions and above.

Vendor: Fortinet; Data Source: FortiGate UTM - Space delimited (ASP)
Parsing rule was updated to parse changes made to the event in newer versions of FortiGate UTM.

Data Source: PIX/ASA/FWSM (ASP)
Parsing rules through were added to the Cisco PIX/ASA/FWSM rule set.

Data Source: PIX/ASA/FWSM (ASP)
Parsing rules through were added to the Cisco PIX/ASA/FWSM rule set.

Vendor: F5 Networks; Data Source: BIG-IP Local Traffic Manager (ASP)
Parsing rules through were added to the BIG-IP Local Traffic Manager (ASP) rule set.

Vendor: Fortinet; Data Source: FortiGate UTM - Space delimited (ASP)
Parsing rules and were added to the FortiGate UTM rule set.

February 4, 2016
Data Source: Windows Event Log - WMI
Parsing rules were added to the Windows Event Log - WMI rule set to support Terminal Services and Remote Desktop Services events.

Data Source: Windows Event Log - WMI; Affected Versions: ESM and above
Parsing rules , , and have updated normalization from Authentication -> User Account to Network Access -> Connection/Session. Parsing rules , , , and have updated normalization from Authentication -> Login to Application -> Configuration Status.

February 8, 2016
Data Source: PIX/ASA/FWSM - ASP
Parsing rules through were added to the PIX/ASA/FWSM - ASP rule set.

Data Source: IOS (ASP); Affected Versions: ESM and above
Multiple rules were updated to modify the parsing of the date and time from Cisco events.

February 10, 2016
Vendor: Checkpoint; Data Source: Checkpoint - ASP; Affected Versions: ESM and above
Parsing rules were updated to prioritize an IPv4 address, when one exists in the logs, for capture into the ESM field NAT_Details.NAT_Address.

Vendor: Enterasys Networks; Data Source: Enterasys Network Access Control (ASP)
Parsing rule was modified to account for the new format of the State field in the logs.

Vendor: IBM; Data Source: ISS SiteProtector - LEEF
Parsing rule was added to the ISS SiteProtector - LEEF rule set.

February 11, 2016
Vendor: SourceFire; Data Source: FireSIGHT Management Console - estreamer
Parsing rules , , , , and were updated to handle logs where no source IP is present.

Data Source: SharePoint (ASP)
Parsing rules through were updated to enhance hostname parsing.

Data Source: SharePoint (ASP)
Parsing rules , , and were added to the SharePoint (ASP) rule set.

February 16, 2016
Data Source: Internet Authentication Service - Formatted (ASP); Affected Versions: ESM and above
Parsing rule was updated to map the Nas ID, Nas IP, Client-IP-Address, Framed IP Address, Called Station ID, Calling Station ID, Class Data, and Computer Name fields in the log to the External Device Name, Device IP, Source IP, Destination MAC, Source MAC, Destination IP, and Destination Host fields in the ESM. The Messages and Signature IDs have been updated to reflect the packet type and reason code from the logs.

Data Source: Internet Authentication Service - XML (ASP); Affected Versions: ESM and above
Parsing rule was updated to map the Nas ID, Nas IP, Client-IP-Address, Framed IP Address, Called Station ID, Calling Station ID, Class Data, and Computer Name fields in the log to the External Device Name, Device IP, Source IP, Destination MAC, Source MAC, Destination IP, and Destination Host fields in the ESM. The Messages and Signature IDs have been updated to reflect the packet type and reason code from the logs.

Data Source: Internet Authentication Service - Database Compatible Format; Affected Versions: ESM and above
Parsing rule was added to the Internet Authentication Service - Database Compatible Format rule set.

February 17, 2016
Data Source: Network Security Manager (ASP)
1566 data source rules were added to the Network Security Manager (ASP) rule set.
February 19, 2016
Vendor: Juniper Networks; Data Source: Juniper Secure Access / MAG (ASP); Affected Versions: ESM and above
Parsing rule was updated to account for a spelling error in the Secure Access log, and will match on either Occured or Occurred.

February 23, 2016
Data Source: Network Security Manager (ASP)
Added new data source rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and to the McAfee Network Security Manager (ASP) data source.

Data Source: Network Security Manager (ASP)
Updated the normalization for data source rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and for the McAfee Network Security Manager (ASP) data source.

February 24, 2016
Vendor: RioRey; Data Source: DDOS Protection
Parsing rule was added to the RioRey DDOS Protection rule set.

Data Source: Windows Event Log - WMI
Parsing rules , , , , , and were updated to map Service Name and File Name from the logs to Service_Name and Filename in the ESM. In some cases Service Name from the logs had been mapped to Application in the ESM.

February 25, 2016
Modified Rules
Data Source: IOS (ASP)
Parsing rule was updated with a severity value of 10 and will parse Source IP, Source Port, Destination IP, Destination Port, and Protocol from the logs to Source IP, Source Port, Destination IP, Destination Port, and Protocol in the ESM.

February 26, 2016
Data Source: NX-OS (ASP)
Parsing rules through were added to the Cisco NX-OS (ASP) rule set.

Vendor: Cooper Power Systems; Data Source: Cybectec RTU (ASP)
Parsing rule was added to the Cooper Power Systems Cybectec RTU (ASP) rule set.

Vendor: Prevoty; Data Source: Prevoty; Affected Versions: ESM and above
Parsing rules through were added to the Prevoty rule set.

Vendor: Cooper Power Systems; Data Source: Cybectec RTU (ASP)
Parsing rule was updated to support the Console service in addition to Log and Maintenance on the Cooper Power Systems Cybectec RTU (ASP) rule set.

Data Source: McAfee Host Data Loss Prevention (ePO)
Parsing rules , , and were updated to include the product family name of Data Loss Prevention in the adsid map and regular expression matches.
February 29, 2016
Vendor: InterSect Alliance; Data Source: Snare for Windows (ASP)
Parsing rule was updated to map the Subject Account Name, New Logon Account Name, New Logon Logon ID, Subject Logon ID, New Logon Security ID, New Logon Account Domain, Package Name, Failure Reason, and Failure Information Status from the log to the Destination Username, Source Username, Source_Logon_ID, Destination_Logon_ID, Security_ID, Domain, Version, Message_Text, and Status fields in the ESM. The changes were made to improve reporting for event IDs 4624, 4625, 4675, 4648, 4634, 4647, 4649, 4778, 4779, 4800, 4801, 4802, 4803, 5378, 5632, 4672 and

March 2, 2016
Vendor: Websense; Data Source: Websense - CEF, Key Value Pair (ASP)
Parsing rules , , were updated to include the following additional categories: '220 : Security:Compromised Websites', '221 : Extended Protection:Newly Registered Websites', '222 : Collaboration - Office', '223 : Collaboration - Office:Office - Mail', '224 : Collaboration - Office:Office - Drive', '225 : Collaboration - Office:Office - Documents', '226 : Collaboration - Office:Office - Apps', '227 : Information Technology:Web Analytics', '228 : Information Technology:Web and Marketing'. Rule was updated to enhance auto learning for the Websense - CEF, Key Value Pair (ASP) data source.

Vendor: Websense; Data Source: Websense Enterprise - SQL Pull (ASP)
Parsing rules , , and were updated to include the following additional categories: '220 : Security:Compromised Websites', '221 : Extended Protection:Newly Registered Websites', '222 : Collaboration - Office', '223 : Collaboration - Office:Office - Mail', '224 : Collaboration - Office:Office - Drive', '225 : Collaboration - Office:Office - Documents', '226 : Collaboration - Office:Office - Apps', '227 : Information Technology:Web Analytics', '228 : Information Technology:Web and Marketing' for the Websense Enterprise - SQL Pull (ASP) data source.

Vendor: Websense; Data Source: Websense Enterprise - SQL Pull (ASP)
Normalization was updated for data source rules 1029, 1030, 1031, 1035, 1037, 1040, 1041, 1052, 1053, 1054, 1057, 1060, 1061, 1293, 1296, 1310, 1313, 1537, 1553, , and for the Websense Enterprise - SQL Pull (ASP) data source.

Vendor: LOGbinder; Data Source: LOGbinder (ASP)
Parsing rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and were updated to map the Statement from the log to the SQL_Statement field in the ESM. Parsing rules through , through , through , , and through were updated to map the Target Object Type from the log to the Object_Type field in the ESM. Parsing rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , through , through , through , and were updated to map the Target Object Name from the log to the Object field in the ESM.

March 3, 2016
Vendor: Fortinet; Data Source: FortiManager (ASP)
Parsing rules through , and through were updated to improve username parsing.

Vendor: Kaspersky; Data Source: Administration Kit - SQL Pull (ASP); Affected Versions: ESM and above
Parsing rule was updated to capture Threat Name from the logs into Threat Name in the ESM.

Data Source: Windows Event Log - WMI
Parsing rule was updated to parse Old Account Name and New Account Name from the logs into Old Value and New Value in the ESM.
March 7, 2016
Vendor: LOGbinder; Data Source: LOGbinder (ASP)
Parsing rules through , were added to the LOGbinder (ASP) data source.

March 8, 2016
Vendor: Palo Alto Networks; Data Source: Palo Alto Firewalls (ASP)
Parsing rules and were updated to map the Threat_ID and Threat_Severity from the logs to the Incident_ID and Object fields respectively in the ESM.

March 9, 2016
Vendor: Cooper Power Systems; Data Source: Cybectec RTU (ASP)
Parsing rule was added to the Cybectec RTU (ASP) data source.

Vendor: Citrix; Data Source: NetScaler (ASP)
Parsing rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , were updated to enhance normalization for the Cybectec RTU (ASP) data source.

Vendor: RioRey; Data Source: DDOS Protection
Parsing rule was updated to map zone from the logs into Destination_Zone and Source_Zone in the ESM. The rule message has also been updated to show the full context of the event.

March 11, 2016
Vendor: LOGbinder; Data Source: LOGbinder (ASP)
Parsing rules through were added to the LOGbinder (ASP) data source.

Vendor: LOGbinder; Data Source: LOGbinder (ASP)
Parsing rules through were updated to account for updated log formats; the updated rules also map Performed Logon Type, Item Subject, and Mailbox GUID from the logs into Logon_Type, Subject, and Instance_GUID in the ESM for the LOGbinder (ASP) data source.

Vendor: IBM; Data Source: ISS SiteProtector - SQL Pull
Updated parsing rule to map blocked from the logs to Action in the ESM for the ISS SiteProtector - SQL Pull data source.

March 14, 2016
Data Source: IOS IPS (SDEE protocol); Affected Versions: ESM and above
Updated parsing rule to capture sd:originator/cid:appname, cid:alertdetails, cid:riskratingvalue, sd:signature/@cid:type, sd:signature/@id, cid:os/@type, sd:signature/marscategory, sd:attacker/sd:addr/@cid:locality, and sd:target/sd:addr/@cid:locality from the logs to application, Message_Text, Reputation, Threat_Category, Incident_ID, objectname, Threat_Name, Source_Zone, and Destination_Zone in the ESM for the IOS IPS (SDEE protocol) data source.

March 16, 2016
Vendor: Proofpoint; Data Source: Messaging Security Gateway (ASP)
Parsing rules through were added to the Messaging Security Gateway (ASP) data source.

Data Source: Wireless LAN Controller (ASP)
Parsing rules through were added to the Wireless LAN Controller (ASP) data source.
Vendor: Proofpoint; Data Source: Messaging Security Gateway (ASP)
Updated parsing rules , , , , , , , , , , , , through , , , , , through , , , , , , through , , , , , , , and to enhance application captures and improve reporting for the Messaging Security Gateway (ASP) data source.

Vendor: UNIX; Data Source: Linux (ASP)
Updated parsing rules , , , , , , , , , , and to enhance parsing and reporting for the Linux (ASP) data source.

March 17, 2016
Vendor: UNIX; Data Source: Linux (ASP)
Parsing rules and were updated to map the DNS Type from the logs into the DNS_Type field in the ESM. The normalization was updated from System -> Misc System Event to Network Access -> DNS.

Data Source: Windows DNS (ASP)
Parsing rules through and through were updated to map the DNS Type from the logs into the DNS_Type field in the ESM. The normalization was updated from System -> Misc System Event to Network Access -> DNS.

March 18, 2016
Vendor: SourceFire; Data Source: FireSIGHT Management Console - estreamer
Parsing rules and were updated to map the Device ID.Name from the log, when present, to the Sensor_Name field in the ESM.

Vendor: Cooper Power Systems; Data Source: Cybectec RTU (ASP)
Parsing rules , , , and were updated to enhance parsing for the Cybectec RTU (ASP) data source.

Data Source: IOS (ASP)
Parsing rules , and were updated to enhance parsing and action reporting for the IOS (ASP) data source. Rule has been enhanced to parse source IP and destination IP from the logs into Source IP and Destination IP, and the normalization has been updated from Suspicious Activity -> Protocol Anomaly -> TCP Protocol Anomaly to Suspicious Activity -> Invalid Command or Data.

Vendor: SourceFire; Data Source: FireSIGHT Management Console - estreamer; Affected Versions: ESM and above
Parsing rules through were added to the FireSIGHT Management Console - estreamer rule set.

Vendor: Cooper Power Systems; Data Source: Cybectec RTU (ASP)
Parsing rules through were added to the Cybectec RTU (ASP) data source.

Data Source: IOS (ASP)
Parsing rules through were added to the IOS (ASP) data source.

March 21, 2016
Data Source: Network Security Manager (ASP)
Parsing rule was updated to enhance parsing; the rule now captures URI referrer, CLI command, Login ID, IP, and Port from the logs into URL, Command, Source IP, and Source Port in the ESM for the Network Security Manager (ASP) data source.

Data Source: Network Security Manager (ASP)
Data source rule was added to the Network Security Manager (ASP) data source.
March 24, 2016
Vendor: UNIX; Data Source: Linux (ASP)
Parsing rules , , , , , , , , , , , , , , and were updated to account for IPv6 addresses. Parsing rules , , and were updated to stop setting the message from the log text. The updates were made to rules parsing BIND events.

Data Source: ePolicy Orchestrator (ASP)
Parsing rule was updated to map siem_severity as the primary capture and ThreatSeverity as the secondary capture for the Severity field in the ESM.

Vendor: Enforcive; Data Source: Cross-Platform Audit
Parsing rule was added to the Cross-Platform Audit data source.

March 25, 2016
Vendor: Wurldtech; Data Source: OpShield
Parsing rules through were added to the OpShield rule set.

Vendor: Reversing Labs; Data Source: N1000
Parsing rules through and were added to the N1000 parsing rule set.

Vendor: UNIX; Data Source: Linux (ASP)
Parsing rule has been added to the Linux rule set.

March 29, 2016
Data Source: PIX/ASA/FWSM (ASP)
Updated parsing rules , , through , , , , , , , , , , , , , , and through to improve normalization and enhance parsing for the PIX/ASA/FWSM (ASP) data source. Parsing rules , , , , , , , , , , , , , and were updated to map Destination IP, Source IP, Hostname, Shun List, Username, Interface, Destination Interface, and Device Type from the logs to Destination IP, Source IP, Hostname, Objectname, Source Username, Interface, Destination Interface, and External Device Type in the ESM.

Data Source: Network Security Manager (ASP)
Enhanced normalizations for data source rules , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , for the Network Security Manager (ASP) data source.

Vendor: Citrix; Data Source: NetScaler (ASP); Affected Versions: ESM and above
Parsing rules , , , , , , and were updated to remove time captures. Event times are now derived from the syslog header.
March 30, 2016
Vendor: Aruba; Data Source: Aruba OS
Updated rules , , , , , , , , , to enhance parsing for the Aruba OS data source.

March 31, 2016
Data Source: Windows Event Log - WMI
Parsing rules , , and were added to the Windows Event Log - WMI data source.

Data Source: EWS v5 / Gateway Original Format - Legacy - (ASP)
Updated parsing rule to capture all attachments listed in the logs into File_Path in the ESM for the EWS v5 / Gateway Original Format - Legacy - (ASP) data source.

April 01, 2016
Data Source: NX-OS (ASP)
Parsing rules , , , through , , , through , , , , , , through , , , , , , through , , through , , , , , through , through , , , through , , , , through , through , through , , , through , , , through , , through , through , , through , , , and were updated to enhance parsing. The rules in this data source had been parsing Interface and Port from the logs into Object in the ESM; they now parse Interface and Port from the logs into Interface in the ESM for the NX-OS (ASP) data source.

April 04, 2016
Vendor: Raz-Lee Security; Data Source: iSecurity Suite (ASP)
Parsing rules through were added to the iSecurity Suite (ASP) data source.

Vendor: Raz-Lee Security; Data Source: iSecurity Suite (ASP)
Parsing rules through were updated to enhance parsing; the rules were also updated to map Job, Job Type, Document, and MsgID from the logs into Mainframe_Job_Name, Job_Type, Filename, and Message_ID in the ESM for the iSecurity Suite (ASP) data source.

April 07, 2016
Vendor: Good Technology; Data Source: Good Mobile Control (ASP)
Parsing rules , , , and were updated to enhance parsing for the Good Mobile Control (ASP) data source.

April 08, 2016
Vendor: Enforcive; Data Source: Cross-Platform Audit
Updated parsing rule to map Event Status, Application, Action, Destination Process, and Message from the logs into Event Subtype, Application, Command, Target_Process_Name, and Signature_Name in the ESM for the Cross-Platform Audit data source.

Data Source: Advanced Threat Defense
Parsing rule was updated to enhance parsing for the Advanced Threat Defense data source.

Vendor: Vormetric; Data Source: Data Security (ASP)
Parsing rule was updated to enhance parsing for the Data Security (ASP) data source.

April 21, 2016
Vendor: Palo Alto Networks; Data Source: Palo Alto Firewalls (ASP); Affected Versions: ESM and above
Updated parsing rules and to account for parentheses in rule messages for the Palo Alto Firewalls (ASP) data source.
19 April 26, 2016 Data Source: Windows Event Log - WMI Parsing rules , , , , , , , , , , , , , , , , , , , and were added to the Windows Event Log - WMI rule set. May 3, 2016 Data Source: epolicy Orchestrator (ASP) Parsing rules and was updated to map ThreatSeverity as the primary capture and siem_severity as the secondary capture for the Severity field in the ESM. Also, the mapping for the Severity values has been enhanced. May 5, 2016 Vendor: Fortinet Data Source: FortiGate UTM - Space Delimited - (ASP) Parsing rules , , , , , , , , , , , , , , , , , , , , , and were updated to map status as the primary capture and action as the secondary capture for the Event Subtype field in the ESM. May 5, 2016 Vendor: Fortinet Data Source: FortiGate UTM - Comma Delimited - (ASP) Parsing rules , , , , , , , and were updated to map status as the primary capture and action as the secondary capture for the Event Subtype field in the ESM. May 9, 2016 Vendor: Fortinet Data Source: FortiGate UTM - Space Delimited - (ASP) Parsing rule was updated to add timeout to the action map. Vendor: Proofpoint Data Source: Messaging Security Gateway (ASP) Affected Versions: ESM and above Updated parsing rules , , , , , , , , , , , , , , and to reduce the possibility of overlapping rules for the Messaging Security Gateway (ASP) data source. May 11, 2016 Data Source: Windows Event Log - WMI Updated parsing rule for the Windows Event Log - WMI data source to enhance Domain and Hostname Parsing. May 16, 2016 Vendor: SourceFire Data Source: FireSIGHT Management Console - estreamer Affected Versions: ESM and above Parsing rules and were updated to account for minor changes in the log format. The Threat_Name field mapping was removed as it no longer matches the context of the event. 
May 18, 2016
Vendor: Tufin
Data Source: SecureTrack (ASP)
Updated parsing rules for the SecureTrack (ASP) data source with new versions to enhance action mapping, support additional time formats, and improve normalization and severity.

May 23, 2016
Data Source: Windows Event Log - WMI
Affected Versions: ESM and above
A large set of parsing rules (individual rules and rule ranges) were added to the Windows Event Log - WMI rule set.

Data Source: Windows Event Log - WMI
Affected Versions: ESM and above
Parsing rules were modified for the Windows Event Log - WMI rule set.

May 24, 2016
Data Source: PIX/ASA/FWSM (ASP)
Updated parsing rule for the PIX/ASA/FWSM (ASP) data source to enhance Source IP parsing.

May 25, 2016
Data Source: Web Gateway (ASP)
Parsing rules were added to parse Audit events from the Web Gateway (ASP) data source.

Data Source: PIX/ASA/FWSM (ASP)
Updated parsing rule for the PIX/ASA/FWSM (ASP) data source to enhance Source IP and Destination IP parsing.
May 26, 2016
Data Source: PIX/ASA/FWSM (ASP)
Updated parsing rule for the PIX/ASA/FWSM (ASP) data source to map Source IP from the log into Source IP in the ESM.

May 27, 2016
Vendor: Palo Alto Networks
Data Source: Palo Alto Firewalls (ASP)
Added parsing rule to the Palo Alto Firewalls (ASP) data source.

Vendor: Palo Alto Networks
Data Source: Palo Alto Firewalls (ASP)
Updated parsing rules for the Palo Alto Firewalls (ASP) data source to enhance parsing.

June 2, 2016
Vendor: Interset
Data Source: Interset
Affected Versions: ESM and above
Added support for the Interset data source.

Data Source: Windows Event Log - WMI
Parsing rules were updated to map the direction from the log to the Direction field in the ESM.

Data Source: Windows Event Log - WMI
301 parsing rules were added to the Windows Event Log - WMI data source to parse events from HealthService and OpsMgr SDK Service.

June 06, 2016
Vendor: UNIX
Data Source: Linux (ASP)
Parsing rules were added to the Linux (ASP) data source.

Vendor: UNIX
Data Source: Linux (ASP)
Updated parsing rules for the Linux (ASP) data source to enhance parsing. Several parsing rules have been deprecated.

June 08, 2016
Vendor: Globalscape
Data Source: Globalscape EFT
Added support for the Globalscape EFT data source. Parsing rule was added to the Globalscape EFT data source.

Vendor: SafeNet
Data Source: Hardware Security Modules (ASP)
Parsing rule was added to the Hardware Security Modules (ASP) data source.

Vendor: Blue Coat
Data Source: Reporter
Added support for the Reporter data source. Parsing rule was added to the Reporter data source.

Vendor: SafeNet
Data Source: Hardware Security Modules (ASP)
Updated parsing rules for the Hardware Security Modules (ASP) data source.
June 13, 2016
Data Source: IOS (ASP)
Affected Versions: ESM and above
Parsing rules for the IOS (ASP) data source were updated to enhance parsing.