SECURE FILE TRANSFER PROTOCOL. EventTracker v8.x and above

Similar documents
Integrate Veeam Backup and Replication. EventTracker v9.x and above

Integrate Symantec Messaging Gateway. EventTracker v9.x and above

Integrate NGINX. EventTracker v8.x and above

Integrate Dell FORCE10 Switch

Integration of Phonefactor or Multi-Factor Authentication

Integrate Palo Alto Traps. EventTracker v8.x and above

Integrate Bluecoat Content Analysis. EventTracker v9.x and above

Integrate Barracuda Spam Firewall

Receive and Forward syslog events through EventTracker Agent. EventTracker v9.0

Integrate Sophos UTM EventTracker v7.x

Integrate HP ProCurve Switch

Integrate Sophos Appliance. EventTracker v8.x and above

Integrate Microsoft ATP. EventTracker v8.x and above

Integrating Barracuda SSL VPN

Integrate Salesforce. EventTracker v8.x and above

Integrate Aventail SSL VPN

Integrating Terminal Services Gateway EventTracker Enterprise

Integrate Citrix Access Gateway

Integrate Cisco IronPort Security Appliance (ESA)

Integrate EMC Isilon. EventTracker v8.x and above

Integrate Sophos Enterprise Console. EventTracker v8.x and above

Integrate Fortinet Firewall. EventTracker v8.x and above

Integrate MySQL Server EventTracker Enterprise

Port Configuration. Configure Port of EventTracker Website

Enable Auditing in Open LDAP on Linux Server

Integrate TippingPoint EventTracker Enterprise

Integrate VMware ESX/ESXi and vcenter Server

Integrating Imperva SecureSphere

Integrating Cisco Distributed Director EventTracker v7.x

Integrate Akamai Web Application Firewall EventTracker v8.x and above

Integrate pfsense EventTracker Enterprise

Integrate Microsoft Office 365. EventTracker v8.x and above

Integrate Windows PowerShell

Integrate Saint Security Suite. EventTracker v8.x and above

Integrate IIS SMTP server. EventTracker v8.x and above

Integrating Microsoft Forefront Unified Access Gateway (UAG)

Integrate F5 BIG-IP LTM

How To Embed EventTracker Widget to an External Site

Integrate Meraki WAP. EventTracker Enterprise. EventTracker 8815 Centre Park Drive Columbia MD

Integrate Apache Web Server

Integrate Microsoft Antimalware. EventTracker v8.x and above

How to Configure ASA 5500-X Series Firewall to send logs to EventTracker. EventTracker

Integrate McAfee Firewall Enterprise VPN

Integrating Cyberoam UTM

Integrate Cisco IOS Publication Date: April 15, 2016

Integrate Malwarebytes EventTracker Enterprise

Integrate Juniper Secure Access VPN

8815 Centre Park Drive Columbia MD Publication Date: Dec 04, 2014

EventTracker v7.x. Integrating Cisco Catalyst. EventTracker 8815 Centre Park Drive Columbia MD

Integrate WatchGuard XTM. EventTracker Enterprise

Integrate Cisco VPN Concentrator

Integrate Cb Defense. EventTracker v8.x and above

Product Update: ET82U16-029/ ET81U EventTracker Enterprise

Integrate A10 ADC Publication Date: September 3, 2015

Integrating Microsoft Forefront Threat Management Gateway (TMG)

Enhancement in Network monitoring to monitor listening ports EventTracker Enterprise

Integrate APC Smart UPS

Integrate Microsoft Hyper-V Server

Geolocation and hostname resolution while Elasticsearch indexing. Update Document

Integrating LOGbinder SP EventTracker v7.x

Integrate Citrix NetScaler

Integrate Viper business antivirus EventTracker Enterprise

Integrate Check Point Firewall. EventTracker v8.x and above

IIS Web Server Configuration Guide EventTracker v8.x

Integrate Trend Micro InterScan Web Security

Enhancement in Agent syslog collector to resolve sender IP Address EventTracker Enterprise

Integrate Microsoft IIS

Security Scorecard in Flex Dashboard

Secure IIS Web Server with SSL

Integrate Cisco Sourcefire

Integrate Cisco Switch

Agent Installation Using Smart Card Credentials Detailed Document

Event Correlator. EventTracker v8.x

Configuring TLS 1.2 in EventTracker v9.0

Integrate Routing and Remote Access Service (RRAS) EventTracker v8.x and above

IIS Web Server Configuration Guide EventTracker v9.x

EventTracker v8.2. Install Guide for EventTracker Log Manager. EventTracker 8815 Centre Park Drive Columbia MD

Process Termination. Feature Guide

Monitoring SharePoint 2007/ 2010/ 2013 Server using EventTracker

Agent health check enhancements Detailed Document

Feature List. EventTracker v9.0

Integrate Grizzly steppe attacks detection script

Remote Indexing Feature Guide

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

Service Pack ET90U Feature Document

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Integrate Trend Micro Control Manager. EventTracker v8.x and above

Feature List. EventTracker v7.6. EventTracker 8815 Centre Park Drive Columbia MD Publication Date: Sep 15, 2014

Check Point Guide. Configure ETAgent to read CheckPoint Logs. EventTracker 8815 Centre Park Drive Columbia MD

Integrate Clavister Firewall

Agent Direct Log Archiver Configuration Guide

EventTracker Linux Agent. Install Guide

Adding Tokens in Flex Report

EventTracker: Backup and Restore Guide Version 9.x

EventTracker Manual Agent Deployment User Manual Version 7.x

Integrate Kaspersky Security Center

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

Installation Guide Install Guide Centre Park Drive Publication Date: Feb 11, 2010

EventTracker Upgrade Guide. Upgrade to v9.0

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

Transcription:

SECURE FILE TRANSFER PROTOCOL EventTracker v8.x and above Publication Date: January 02, 2019

Abstract This guide provides instructions to configure SFTP logs for User Activities and File Operations. Once EventTracker receive logs, dashboard and reports can be configured to monitor SFTP. Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version 8.x and later, and. Audience IT Admins and EventTracker users who wish to forward logs to EventTracker Manager and monitor events using EventTracker Enterprise. The information contained in this document represents the current view of EventTracker. on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided. EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. 2019 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 1

Table of Contents Abstract... 1 Scope... 1 Audience... 1 Overview... 3 Prerequisites... 3 Configure RSyslog to forward SFTP logs to EventTracker... 3 EventTracker Knowledge Pack (KP)... 4 Reports... 4 Import Knowledge Pack into EventTracker... 6 Knowledge Objects... 6 Templates... 8 Flex Reports... 8 Verify Knowledge Pack in EventTracker... 11 Knowledge Object... 11 Flex Reports... 11 Templates... 12 2

Overview A "Secure FTP" server needs an SSH client for communication. A secure FTP server supports many actions on files such as file transfers comprised of multiple files, remote file management activities, creations of directories and deletions related to directories and directory listings. A secure FTP server also makes use of protocols to provide security features such as authentication, encryption or data integrity, password management and access control mechanisms. EventTracker helps you to monitor User authenticated, user request open session, user request close session, user request remove session; file opened, file upload started, and successfully stored file. Prerequisites EventTracker v8.x or above should be installed. Allow 514 port from firewall, if there is in between SFTP and EventTracker manager. Configure RSyslog to forward SFTP logs to EventTracker SFTP can send logs to EventTracker using rsyslog. Please follow the following steps to configure it. 1. Open /etc/rsyslog.conf using vi. Figure 1 2. Configure EventTracker Manager IP and syslog port number as per the below specified snap, so that we can get SFTP logs. *.* @EventTracker Manager IP:514 3

Figure 2 Once completed rsyslog.conf and the logs will start logging into the specified IP host location. EventTracker Knowledge Pack (KP) Once logs are received in EventTracker; alert, reports and dashboards can be configured in EventTracker. The following Knowledge Packs are available in EventTracker v8.x and later to support SFTP: Reports SFTP-User Activities: This category provides information related to the User password authentication, user open, close and remove sessions. 4

Figure 3 SFTP- File Operations: This category provides information related to file opened, upload started, successfully stored. Figure 4 5

Import Knowledge Pack into EventTracker 1. Launch EventTracker Control Panel. 2. Double click Export/Import Utility, and then click the Import tab. 3. Import Tokens/Flex Reports as given below. Knowledge Objects Figure 5 1. Click Knowledge objects under Admin option in the EventTracker manager page. 2. Locate the file named KO_SFTP.etko. 6

Figure 6 3. Now select all the check box and then click on Import option. Figure 7 7

4. Knowledge objects are now imported successfully. Templates Figure 8 1. Click parsing rules option, create group and click Import. 2. Locate the file name KO_SFTP.ettd. Figure 9 3.Click the Import button to import the reports. EventTracker displays success message Flex Reports Figure 10 1. Click Reports option and select new (.etcrx) from the option. 8

Figure 11 2. Locate the file named Flex Reports_SFTP.etcrx and select all the check box. 9

Figure 12 3. Click the Import button to import the reports. EventTracker displays success message. Figure 13 10

Verify Knowledge Pack in EventTracker Knowledge Object 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Knowledge Object. 3. In Knowledge Object Group Tree, to view imported knowledge object, scroll down and click SFTP group folder. Knowledge Object are displayed in the pane. Flex Reports Figure 14 1. Logon to EventTracker Enterprise. 2. Click the Reports menu, and then Configuration. 3. Select Defined in report type. 4. In Report Groups Tree to view imported Scheduled Reports, scroll down and click SFTP group folder. Reports are displayed in the Reports configuration pane. 11

Templates Figure 15 1. Logon to EventTracker Enterprise. 2. Click the Parsing rules menu 3. Select Template and choose Group name. 4. In Template to view imported Templates, scroll down and click SFTP group folder. Figure 16 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback