Integrate Saint Security Suite. EventTracker v8.x and above

EventTracker v8.x and above Publication Date: June 6, 2018

Abstract
This guide provides instructions to configure Saint Security Suite to send crucial events to EventTracker Enterprise by means of syslog.

Scope
The configurations detailed in this guide are consistent with EventTracker Enterprise version 8.x and later, and Saint Security Suite versions up to 9.1.

Audience
Saint Security Suite users who wish to forward its events to EventTracker Manager and monitor them using EventTracker Enterprise.

The information contained in this document represents the current view of EventTracker on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided. EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. 2018 EventTracker Security LLC. All rights reserved.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents
Abstract
Scope
Audience
Overview
Prerequisites
Integrating Saint Security Suite with EventTracker
    Integration Prerequisites
        API Configuration
        API Tokens
    Integrate Saint to EventTracker
Verify Saint Security Suite Integration in EventTracker
    Verify generated credential csv
    Verify DLA configuration
    Verify Task is created in Task Scheduler
EventTracker Knowledge Pack
    Categories
    Flex Reports
Import Saint Security Suite Knowledge Pack into EventTracker
    Import Category
    Import Knowledge Object
    Token Template
    Import Flex Reports
Verify Saint Knowledge Pack
    Verify Categories
    Verify Knowledge Object
    Token Template
    Verify Flex Reports
Create Dashboards in EventTracker
    Schedule Reports
    Create Dashlets
    Sample Dashboards

Overview
SAINT's fully integrated suite of assessment, analytics and reporting capabilities provides ROI by discovering a wide range of vulnerabilities and exposures in your network, endpoints and content, together with the tools to focus resources on the issues of highest business impact. It provides comprehensive security product and service solutions to support the program development, assessment and reporting demands of many of today's industry compliance standards, including PCI, FISMA, HIPAA, SOX and NERC CIP.

EventTracker collects and analyses scanner events and informs an administrator about security violations and the vulnerabilities found.

Prerequisites
- EventTracker 8.x and above should be installed.
- Saint Security Suite (version up to 9.1) needs to be installed.
- PowerShell version 4.0 and above needs to be installed.

Integrating Saint Security Suite with EventTracker
Saint Security Suite is integrated with EventTracker through the SAINT API, using a PowerShell script. The two prerequisites below must be checked and obtained before running the PowerShell script.

Integration Prerequisites

API Configuration
To configure the API, log into the SAINT web interface and click Configuration, then API. The API port is 4242 by default. In the Allowed API Clients field enter *, as shown below, which permits API connections from any client.

Figure 1
Click Save.

API Tokens
Every API call requires a token, which identifies and authenticates the user on whose behalf the call is being made. The API token for the desired user can be obtained either through the graphical user interface (GUI) or through API calls.

Generating an API Token
To generate an API token through the GUI:
1. Log into SAINT using the web interface.
2. Click Profile.

Figure 2
3. If an API token has not yet been created, click Create.
4. The API token appears beside the label API Token. Tokens generated in the GUI do not expire.
5. Click Save.
Figure 3
NOTE: Make a note of the generated API token. It will be used in the script later on.

Integrate Saint to EventTracker
The Saint integrator package must be obtained from the EventTracker support team. It is supplied as a Zip file. Extract the files to get the contents shown in the figure below.

Figure 4
Right-click Saint Integrator.bat and choose Run as administrator to start the integration process. Once the .bat file runs, a pop-up window appears as shown in the figure below:
Figure 5
In the pop-up window, enter the details as explained below.
Saint Vulnerability Scanner Hostname: Enter only the hostname (e.g. if the URL is https://contoso.com:9394, enter only contoso.com in the Hostname field).
API Token: Enter the API token shown in Figure 3 above.
Once the details are entered, click OK. A task scheduler trigger pop-up window then appears, as shown in the image below:

Figure 6
In this task scheduler window, choose whether the Saint reports should be scheduled on a Daily, Weekly or Monthly basis. Click OK once you have chosen the scheduling period. An authentication pop-up window then appears asking for a username and password, as shown below:
Figure 7
Enter your administrator system username and password to proceed with the task scheduling. Click OK to continue.
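The three scheduling choices above, carried out in PowerShell as an added example (this is not the EventTracker integrator's own code, which is only available from EventTracker support): the function builds a Task Scheduler calendar trigger for a Daily, Weekly or Monthly run, registers the task with the supplied administrator credentials at highest run level, and sets the task's "Start in" folder to the folder that holds the script, which is the condition the verification steps later ask you to confirm. The task name, the script path and the 02:00 start time are assumptions made for this illustration.

```powershell
# Added example, not the EventTracker integrator's own code. Registers a
# scheduled task that runs the Saint integrator script on a Daily, Weekly or
# Monthly trigger, from the folder the script lives in, under the account
# whose credentials are supplied. Task name, script path and start time are
# assumptions made for this illustration.
function Register-SaintIntegratorTask {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,          # assumed: full path of the integrator .ps1
        [ValidateSet('Daily', 'Weekly', 'Monthly')] [string] $Schedule = 'Daily',
        [Parameter(Mandatory)] [pscredential] $Credential,    # administrator account the task runs as
        [string] $TaskName  = 'Saint Integrator',             # assumed task name
        [string] $StartTime = '02:00'                         # assumed start time (today's date at 02:00)
    )

    $workDir = Split-Path -Path $ScriptPath -Parent
    $start   = (Get-Date -Date $StartTime).ToString('yyyy-MM-ddTHH:mm:ss')
    $escPath = [System.Security.SecurityElement]::Escape($ScriptPath)
    $escDir  = [System.Security.SecurityElement]::Escape($workDir)

    # Calendar trigger body in Task Scheduler XML. A monthly schedule needs
    # both the day of the month and the list of months in which it applies.
    $calendar = switch ($Schedule) {
        'Daily'   { '<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>' }
        'Weekly'  { '<ScheduleByWeek><DaysOfWeek><Monday /></DaysOfWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek>' }
        'Monthly' {
            $months = -join ([System.Globalization.CultureInfo]::InvariantCulture.DateTimeFormat.MonthNames |
                             Where-Object { $_ } | ForEach-Object { "<$_ />" })
            "<ScheduleByMonth><DaysOfMonth><Day>1</Day></DaysOfMonth><Months>$months</Months></ScheduleByMonth>"
        }
    }

    # Same XML shape that Export-ScheduledTask produces; WorkingDirectory is the
    # "Start in" field the verification step checks against the script folder.
    $xml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>$start</StartBoundary>
      <Enabled>true</Enabled>
      $calendar
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <StartWhenAvailable>true</StartWhenAvailable>
    <ExecutionTimeLimit>PT2H</ExecutionTimeLimit>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-NoProfile -File "$escPath"</Arguments>
      <WorkingDirectory>$escDir</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
"@

    # -User/-Password register the task to run whether or not the account is logged on.
    Register-ScheduledTask -TaskName $TaskName -Xml $xml `
        -User $Credential.UserName -Password $Credential.GetNetworkCredential().Password -Force
}

# Usage (assumed path): prompts for the administrator credentials, as the integrator's pop-up does.
# $cred = Get-Credential
# Register-SaintIntegratorTask -ScriptPath 'C:\SaintIntegrator\Saint Integrator.ps1' -Schedule 'Weekly' -Credential $cred
```

Registering from task XML rather than New-ScheduledTaskTrigger is deliberate: the trigger cmdlet has no monthly option, while the XML form covers all three periods the pop-up offers and is the same representation you will see when you open the task's properties in Task Scheduler during verification.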

Figure 8
Configuration is now complete.

Verify Saint Security Suite Integration in EventTracker

Verify generated credential csv
Once the script run is complete, a SaintConf.csv file is created in the same path where the script is present. The Saint URL and API token should be present in it.

Verify DLA configuration
The next step is to verify whether the DLA (Direct Log Archiver) has been created. Log in to EventTracker.
Figure 9
Click the Admin tab, and in the drop-down click the Manager option. In the Manager configuration page, click the Direct Log Archiver tab. Make sure the "Direct log file archiving from external sources" checkbox is checked, and click Edit to check that the DLA configuration has been done correctly.

Figure 10
Once that is done, go to the same folder where the script is present. You should find a folder named SaintReports.
Figure 11

Within the SaintReports folder you will find a Completed folder and a Saint.ini file, which confirms that the DLA creation was successful, as shown in the figure below:
Figure 12

Verify Task is created in Task Scheduler
Go to Start and open Task Scheduler to confirm whether the scheduled task has been created. The image below shows the Saint task created for scheduling.
Figure 13
Make sure the task is created to run from the same path where the script is kept.

Figure 14
Check that the Task Scheduler is configured correctly with the right conditions to trigger the task, with the specified date and time at which it needs to run. Also specify the time at which the task should trigger on a daily, monthly or hourly basis.
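The verification steps above (SaintConf.csv present and populated, the SaintReports folder with its Completed sub-folder and Saint.ini, and a scheduled task that starts in the script folder) can be checked in one pass. The function below is an added example, not part of the integrator package; the script folder and task name are assumptions, and because the guide states that the API token is kept in SaintConf.csv, the function also lists which identities have an ACL entry on that file so the reviewer can confirm it is not readable by every local user.

```powershell
# Added example, not the EventTracker integrator's own code. Runs the checks
# described in the verification section and returns one result object per
# check. Script folder and task name are assumptions made for this illustration.
function Test-SaintIntegration {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptFolder,   # assumed: folder holding the integrator script
        [string] $TaskName = 'Saint Integrator'          # assumed task name
    )

    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check([string] $Name, [bool] $Passed, [string] $Detail) {
        $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
    }

    # 1. SaintConf.csv exists and its first row has at least two populated fields
    #    (the Saint URL and the API token). Column names are not assumed.
    $conf = Join-Path -Path $ScriptFolder -ChildPath 'SaintConf.csv'
    if (Test-Path -LiteralPath $conf) {
        $row    = Import-Csv -LiteralPath $conf | Select-Object -First 1
        $filled = @($row.PSObject.Properties | Where-Object { -not [string]::IsNullOrWhiteSpace($_.Value) })
        Add-Check 'SaintConf.csv populated' ($filled.Count -ge 2) ('fields: ' + ($filled.Name -join ', '))

        # The token is stored in clear text, so report who has an ACL entry on the file.
        $readers    = (Get-Acl -LiteralPath $conf).Access | ForEach-Object { $_.IdentityReference.Value }
        $readerList = ($readers | Sort-Object -Unique) -join ', '
        Add-Check 'SaintConf.csv ACL listed' $true ('identities with access: ' + $readerList)
    } else {
        Add-Check 'SaintConf.csv populated' $false ('missing: ' + $conf)
    }

    # 2. SaintReports folder with the Completed sub-folder and Saint.ini, the
    #    evidence the guide gives that the DLA was created.
    foreach ($rel in 'SaintReports', 'SaintReports\Completed', 'SaintReports\Saint.ini') {
        $p = Join-Path -Path $ScriptFolder -ChildPath $rel
        Add-Check ('exists: ' + $rel) (Test-Path -LiteralPath $p) $p
    }

    # 3. Scheduled task exists, has an enabled trigger, and starts in the script folder.
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if ($null -eq $task) {
        Add-Check 'scheduled task present' $false ("no task named '" + $TaskName + "'")
    } else {
        Add-Check 'scheduled task present' $true ('state: ' + $task.State)
        $action  = $task.Actions | Select-Object -First 1
        $startIn = [string]$action.WorkingDirectory
        $sameDir = ($startIn -ne '') -and ($startIn.TrimEnd('\') -ieq $ScriptFolder.TrimEnd('\'))
        Add-Check 'task starts in script folder' ([bool]$sameDir) ("Start in: '" + $startIn + "'")
        $enabled = @($task.Triggers | Where-Object { $_.Enabled }).Count -gt 0
        Add-Check 'task has an enabled trigger' $enabled ('triggers: ' + @($task.Triggers).Count)
    }
    return $results
}

# Usage (assumed folder): one row per check, Passed = False marks what to fix.
# Test-SaintIntegration -ScriptFolder 'C:\SaintIntegrator' | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the EventTracker host after the integrator has finished; the "Start in" comparison is the programmatic form of the guide's instruction that the task must run from the path where the script is kept.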

Figure 15
Saint integration with EventTracker is now complete, and EventTracker can receive Saint events.

EventTracker Knowledge Pack
Once logs are received in EventTracker, Categories and Reports can be configured. The following Knowledge Packs are available in EventTracker Enterprise to support Windows.

Categories
Saint- Vulnerability detection: This category-based report provides information related to all the vulnerabilities detected by the Saint scanner.
Saint- Vulnerability checks: This category-based report provides information related to all the vulnerability checks available in the Saint scanner.

Saint- User details: This category-based report provides information related to all the user details.
Saint- Policy details: This category-based report provides information related to all the policy details set in the Saint scanner.

Flex Reports
Saint- Vulnerability detection: This report provides information related to all the vulnerabilities detected by the Saint scanner.
Logs Considered:
Figure 16
Figure 17

Saint- Vulnerability checks: This report provides information related to all the vulnerability checks available in the Saint scanner.
Logs Considered:
Figure 18
Figure 19

Saint- User details: This report provides information related to all the user details, user login failures, and user permission changes.
Logs Considered:
Figure 20
Figure 21

Saint- Policy details: This report provides information related to all the policy details set in the Saint scanner.
Figure 22
Logs Considered:
Figure 23

Import Saint Security Suite Knowledge Pack into EventTracker
NOTE: Import knowledge pack items in the following sequence: Categories, Knowledge Objects, Token Templates, Flex Reports.
NOTE: Export knowledge pack items in the same sequence: Categories, Knowledge Objects, Token Templates, Flex Reports.
1. Launch EventTracker Control Panel.
2. Double-click Export Import Utility, and then click the Import tab.

Import Category
Figure 24
1. Click the Category option, and then click the browse button.
Figure 25
2. Locate the Saint_Categories.iscat file, and then click the Open button.
3. To import categories, click the Import button.
4. EventTracker displays a success message.
Figure 26
5. Click OK, and then click the Close button.

Import Knowledge Object
1. Click the Admin menu, and then click Knowledge Objects.
2. Click the Import option.
Figure 27
3. In the IMPORT pane, click the Browse button.
Figure 28
4. Locate the Saint_Knowledge objects.etko file, and then click the UPLOAD button.
Figure 29
5. Select the check box, and then click the OVERWRITE option. EventTracker displays a success message.
6. Click the OK button.
Figure 30

Token Template
1. Click the Admin menu, and then click Parsing rule.
2. Select the Template tab, and then click the Import option.
3. Click the Browse button.
Figure 31
4. Locate the Saint Templates.ettd file, and then click the Open button.
Figure 32
5. Select the check box, and then click the Import option. EventTracker displays a success message.
6. Click the OK button.
Figure 33

Import Flex Reports
1. Click the Reports option, and then click the browse button.
2. Locate the applicable Saint Reports.etcrx file, and then click the Open button.
Figure 34
3. To import scheduled reports, click the Import button.
Figure 35
4. EventTracker displays a success message.
Figure 36
5. Click OK, and then click the Close button.

Verify Saint Knowledge Pack

Verify Categories
1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Category.
3. In the Category Tree, scroll down and expand the Saint Security Suite group folder to view the imported categories.

Verify Knowledge Object
Figure 37
1. Click the Admin menu, and then click Knowledge Objects.
2. Scroll down and select Saint in the Objects pane. The imported Saint details are shown.

Token Template
Figure 38
1. Log on to the EventTracker Enterprise web interface.
2. Click the Admin menu, click Parsing Rules, and then click Template.
3. Click the Saint group option.

Verify Flex Reports
Figure 39
1. Log on to EventTracker Enterprise.
2. Click the Reports menu, and then Configuration.
3. Select Defined in the report type.
4. In the Report Groups Tree, scroll down and click the Saint Security Suite group folder to view the imported Scheduled Reports. The Scheduled Reports are displayed in the Reports configuration pane.

Figure 40
NOTE: Specify the appropriate systems in the report wizard for better performance.

Create Dashboards in EventTracker

Schedule Reports
1. Open EventTracker in a browser and log on.
2. Navigate to Reports > Configuration.
Figure 41
Figure 42
3. Select Saint Security Suite in the report groups. Check the Defined dialog box.
4. Click Schedule to plan a report for later execution.
Figure 43
5. Choose an appropriate time for report execution and, in Step 8, check the "Persist data in Eventvault explorer" box.
Figure 44
6. Check the column names to persist using the PERSIST checkboxes beside them. Choose a suitable Retention period.
7. Proceed to the next step and click the Schedule button.
8. Wait for the scheduled time or generate the report manually.

Create Dashlets
1. EventTracker 8 is required to configure a flex dashboard.
2. Open EventTracker in a browser and log on.
Figure 45
3. Navigate to Dashboard > Flex. The Flex Dashboard pane is shown.
4. Click to add a new dashboard. The Flex Dashboard configuration pane is shown.
Figure 46
Figure 47
5. Fill in a fitting title and description and click the Save button.
6. Click to configure a new flex dashlet. The Widget configuration pane is shown.
Figure 48
7. Locate the earlier scheduled report in the Data Source dropdown.
8. Select the Chart Type from the dropdown.
9. Select the extent of data to be displayed in the Duration dropdown.
10. Select the computation type in the Value Field Setting dropdown.
11. Select the evaluation duration in the As Of dropdown.
12. Select comparable values in X Axis with a suitable label.
13. Select numeric values in Y Axis with a suitable label.
14. Select a comparable sequence in Legend.
15. Click the Test button to evaluate. The evaluated chart is shown.
Figure 49
16. If satisfied, click the Configure button.
17. Click Customize to locate and choose the created dashlet.
18. Click to add the dashlet to the earlier created dashboard.

Sample Dashboards

REPORT: Saint- Vulnerability detection
WIDGET TITLE: Saint- Vulnerability detection
CHART TYPE: Stacked Column
AXIS LABELS [X-AXIS]: Host Name
LEGEND [SERIES]: Vulnerability/Service
Figure 50

REPORT: Saint- Vulnerability checks
WIDGET TITLE: Saint- Vulnerability checks
CHART TYPE: Donut
AXIS LABELS [X-AXIS]: CVE
LEGEND [SERIES]: Severity category
Figure 51

REPORT: Saint- User details
WIDGET TITLE: Saint- User details
CHART TYPE: Pie
AXIS LABELS [X-AXIS]: User Name
LEGEND [SERIES]: Failed Logins
Figure 52

REPORT: Saint- Policy details
WIDGET TITLE: Saint- Policy details
CHART TYPE: Stacked Column
AXIS LABELS [X-AXIS]: Policy category
LEGEND [SERIES]: Category Description
Figure 53