Integrate Sophos UTM


Integrate Sophos UTM
EventTracker v7.x

EventTracker
Publication Date: April 6, 2015
8815 Centre Park Drive
Columbia MD 21045
www.eventtracker.com

EventTracker: Integrating Sophos UTM

Abstract

This guide provides instructions to configure Sophos UTM to send the syslog events to EventTracker Enterprise.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, and Sophos UTM 9 and later.

Audience

Sophos UTM users, who wish to forward Syslog events to EventTracker Manager.

The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided.

Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2014 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract ... 1
Scope ... 1
Audience ... 1
Prerequisites ... 3
Integrate EventTracker with Sophos UTM ... 3
EventTracker Knowledge Pack (KP) ... 5
Import Sophos UTM Knowledge Pack into EventTracker ... 6
    Import Category ... 6
    Import Alerts ... 7
    Import Tokens ... 8
    Import Flex Reports ... 9
Verify Sophos UTM knowledge pack in EventTracker ... 10
    Verify Sophos UTM Categories ... 10
    Verify Sophos UTM Alerts ... 11
    Verify Sophos UTM Tokens ... 12
    Verify Sophos UTM Flex Reports ... 13
Sample Reports ... 14

Prerequisites

- EventTracker should be installed
- Sophos UTM 9 and later should be installed and configured

Integrate EventTracker with Sophos UTM

To configure logging for Sophos UTM, proceed as follows:

- Log on to the WebAdmin of the UTM
- Navigate to Logging & Reporting > Log Settings > Remote Syslog Server
- Activate the Remote Syslog status
- Configure a Syslog server
  o Name: freely selectable
  o Server: IP or hostname of your Syslog server (EventTracker Enterprise)
  o Port: UDP 514
- Click on Apply

Figure 01

If syslog messages cannot be delivered, they will be buffered and re-sent when possible. By default, up to 1000 logs will be buffered.

Once Syslog targets have been configured, the logs to send via syslog must also be selected on the same screen. By default, none are selected. Select the desired logs, and click 'Apply'.

Figure 02

To determine which logs are desired, you can view complete log contents and watch logs in real time, under 'Logging & Reporting' > 'View Log Files'.
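Before importing the knowledge pack it is worth confirming that the UTM's syslog stream is actually arriving on UDP 514 and seeing which log types it carries. The Python script below is an added example, not part of this guide or of either product: it receives syslog datagrams, parses the key="value" fields that Sophos UTM writes, and tallies events by subsystem (sub) and event name (name). The sample lines are constructed in that style; the daemon names, ids, rule numbers and addresses in them are assumptions, not values captured from a real appliance.

```python
import re
import socket
from collections import Counter

# Constructed sample lines in the Sophos UTM key="value" style (assumed format, not
# captured from a real appliance). The <PRI> prefix is standard syslog (RFC 3164):
# facility = PRI // 8, severity = PRI % 8.
SAMPLE_LINES = [
    '<134>2015:04:06-10:15:32 utm01 ulogd[4321]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" '
    'srcip="10.0.0.5" dstip="10.0.0.1" proto="6" srcport="51234" dstport="22"',
    '<134>2015:04:06-10:15:33 utm01 ulogd[4321]: id="2002" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" '
    'outitf="eth0" srcip="192.168.2.10" dstip="10.0.0.1" proto="17" srcport="53412" dstport="53"',
    '<132>2015:04:06-10:16:01 utm01 aua[2201]: id="3005" severity="warn" sys="System" '
    'sub="auth" name="Authentication failed" srcip="192.168.2.99" user="jdoe" caller="webadmin"',
    'garbage line without structure',
]

PRI_RE = re.compile(r'^<(\d{1,3})>')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_utm_line(line):
    """Return the key/value fields of one UTM syslog line, plus the syslog
    facility and severity decoded from <PRI>, or None if the line has no fields."""
    fields = dict(KV_RE.findall(line))
    if not fields:
        return None
    m = PRI_RE.match(line)
    if m:
        pri = int(m.group(1))
        fields["_facility"] = pri // 8
        fields["_severity"] = pri % 8
    return fields


def summarize(lines):
    """Count events by (sub, name) so you can see which UTM log types are
    being forwarded; lines that do not parse are counted under 'unparsed'."""
    counts = Counter()
    for line in lines:
        fields = parse_utm_line(line)
        if fields is None:
            counts[("unparsed", "")] += 1
            continue
        counts[(fields.get("sub", "?"), fields.get("name", "?"))] += 1
    return counts


def listen(host="0.0.0.0", port=514, max_messages=None):
    """Receive UDP syslog datagrams (port 514, as configured on the UTM) and
    yield them as decoded lines. Binding port 514 needs root/administrator rights."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    received = 0
    while max_messages is None or received < max_messages:
        data, _addr = sock.recvfrom(65535)
        received += 1
        yield data.decode("utf-8", errors="replace").rstrip("\r\n")


if __name__ == "__main__":
    # Offline run over the constructed samples; swap in listen(max_messages=200)
    # to tally the first 200 real datagrams from the UTM.
    for (sub, name), n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{n:4d}  sub={sub!r} name={name!r}")
```

Run it on the EventTracker host while the UTM is configured, or on another port if the EventTracker receiver already owns 514, and compare the (sub, name) tally with the log types you ticked on the Remote Syslog Server screen; a missing subsystem usually means that log was not selected, and a large 'unparsed' count means the format is not what the parser expects.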

EventTracker Knowledge Pack (KP)

Once logs are received into EventTracker, Alerts and Reports can be configured in EventTracker.

The following Knowledge Packs are available in EventTracker v7.x to support Sophos UTM monitoring:

Alerts:

- Sophos UTM: User authentication failure - This alert is generated when a user authentication failure occurs.
- Sophos UTM: Shell password changed - This alert is generated when the shell password has been changed.
- Sophos UTM: Object changed - This alert is generated when an object is changed.
- Sophos UTM: Object deleted - This alert is generated when an object is deleted.
- Sophos UTM: Node changed - This alert is generated when a node is changed.

Reports:

- Sophos UTM: User Authentication Success - This flex report provides information related to user authentication success.
- Sophos UTM: Shell Password Changed - This flex report provides information related to the shell password being changed, and by whom.
- Sophos UTM: Packet Dropped - This flex report provides information related to packet data dropped. It gives the information on which interface the packet was dropped.
- Sophos UTM: Packet Accepted - This flex report provides information related to packet data accepted. It gives the information on which interface the packet was accepted.
- Sophos UTM: Object Created - This flex report provides information related to object creation. It gives the name of the object that has been created and who created it.
- Sophos UTM: Object Changed - This flex report provides information related to object changes. It gives information on which object has been changed and by whom.
- Sophos UTM: Object Deleted - This flex report provides information related to object deletion. It gives information on which object has been deleted and by whom.

- Sophos UTM: Node Changed - This flex report provides information related to node changes. It gives information on which node has been changed and by whom.

Import Sophos UTM Knowledge Pack into EventTracker

1. Launch EventTracker Control Panel.
2. Double click Import Export Utility, and then click the Import tab.

Import Category, Alert, Tokens and Flex Reports as given below.

Import Category

1. Click the Category option, and then click the browse button.

Figure 03

2. Locate the All Sophos UTM group of Categories.iscat file, and then click the Open button.
3. To import the categories, click the Import button.

EventTracker displays a success message.

Figure 04

4. Click OK, and then click the Close button.

Import Alerts

1. Click the Alert option, and then click the browse button.

Figure 05

2. Locate the All Sophos UTM group of Alerts.isalt file, and then click the Open button.
3. To import alerts, click the Import button.

EventTracker displays a success message.

Figure 06

4. Click OK, and then click the Close button.

Import Tokens

1. Click the Token value option, and then click the browse button.

Figure 07

2. Locate the All Sophos group of Tokens.istoken file, and then click the Open button.
3. To import tokens, click the Import button.

EventTracker displays a success message.

Figure 08

4. Click OK, and then click the Close button.

Import Flex Reports

1. Click the Scheduled Report option, and then click the browse button.

Figure 09

2. Locate the All Sophos UTM group of Flex Report.issch file, and then click the Open button.
3. To import scheduled reports, click the Import button.

EventTracker displays a success message.

Figure 10

4. Click OK, and then click the Close button.

Verify Sophos UTM knowledge pack in EventTracker

Verify Sophos UTM Categories

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Categories.
3. In the Category Tree, expand the Sophos UTM group folder to view the imported categories.

Figure 11

Verify Sophos UTM Alerts

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Alerts.
3. In the Search field, type 'Sophos UTM', and then click the Go button.

The Alert Management page will display all the imported Sophos UTM alerts.

Figure 12

4. To activate the imported alerts, select the respective checkbox in the Active column.

EventTracker displays a message box.

Figure 13

5. Click the OK button, and then click the Activate now button.

NOTE: You can select alert notifications such as Beep, Email, Message, etc. To do so, select the respective checkbox in the Alert management page, and then click the Activate Now button.

Verify Sophos UTM Tokens

1. Log on to EventTracker Enterprise.
2. Click the Admin menu, and then click Parsing rules.

The imported Sophos UTM tokens are added to the Token-Value Groups list. Please refer to Figure 13.

Figure 14

Verify Sophos UTM Flex Reports

1. Log on to EventTracker Enterprise.
2. Select the Reports menu, and then select Configuration.
3. In Reports Configuration, select the Defined option.

EventTracker displays the Defined page.

4. In the search box, enter 'Sophos UTM'.

EventTracker displays the Flex reports of Sophos UTM.

Figure 15

Sample Reports

Some sample reports are given below.

Figure 16

Figure 17
