Device Integration : Aruba ClearPass

Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.


Overview:

This document describes the steps to integrate Aruba ClearPass with Seceon SIEM so that its logs are ingested, giving you better visibility of threats happening in your environment.

Steps of Configuration

To add a Syslog export filter, log in to Aruba ClearPass with admin access.

a) Navigate to Administration > External Servers > Syslog Export Filters.

b) From the Syslog Export Filters page, click Add.
The Add Syslog Filters page opens to the General tab.

Figure 1 Add Syslog Export Filters Page > General Tab

Name: Enter the name of the syslog export filter.

Description: Enter the description that provides additional information about the syslog export filter (recommended).

Export Template : Audit Records

Export Event Format Type: "CEF". Select this event format type to send the events in Common Event Format (CEF).

Syslog Servers: Syslog servers define the receivers of syslog messages sent by servers in the ClearPass cluster.

  • To add a ClearPass syslog server, select it from the Select to Add drop-down list.

  • To add a new ClearPass syslog server, click the Add New Syslog Target link (for more information, see Adding a Syslog Target).

  • To view details about a syslog server, select the syslog server, then click View Details.

  • To change details about a syslog server, select the syslog server, then click Modify. For more information, see Adding a Syslog Target.

  • To remove a syslog server (from receiving syslog messages), select the syslog server, then click Remove.

ClearPass Servers:

You can designate syslog messages to be sent from exactly one server in the ClearPass cluster or from all of them.

  • To add a ClearPass server, select it from the Select to Add drop-down list.

  • To remove the ClearPass server, select the ClearPass server, then click Remove.

 

NOTE: When no servers are listed, syslog messages are sent from all servers in the cluster.

 

Done!

 

Verification:

STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: Inside SOURCE DEVICE IP, the IP will be reflected.
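
If the source IP shows up but events look malformed, it helps to check on the receiving side that the messages really are well-formed CEF, as selected in the export filter above. The parser below is an added example, not code from Seceon or Aruba; the sample line is constructed, and its vendor, product and field values are hypothetical.

```python
import re

# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|EventClassID|Name|Severity|Extension
HEADER_FIELDS = ["cef_version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity"]
HDR_ESC = {"|": "|", "\\": "\\"}                          # escapes valid in the header
EXT_ESC = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}    # escapes valid in the extension

def _unescape(value, table):
    # One left-to-right pass, so an escaped backslash followed by "n" is not read as a newline.
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), value)

def _split_header(body):
    # Split on the first seven unescaped pipes; whatever follows is the extension.
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2]); i += 2
        elif body[i] == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    return parts, body[i:]

def parse_cef(line):
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF message")
    parts, ext = _split_header(line[start + 4:])
    if len(parts) != 7:
        raise ValueError("truncated CEF header")
    event = {k: _unescape(v, HDR_ESC) for k, v in zip(HEADER_FIELDS, parts)}
    event["syslog_prefix"] = line[:start].strip()
    # A key starts the extension or follows whitespace; values may contain spaces.
    keys = list(re.finditer(r"(?:(?<=\s)|^)(\w+)=", ext))
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():(nxt.start() if nxt else len(ext))].strip(), EXT_ESC)
        for m, nxt in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample line: vendor, product and field values are hypothetical.
SAMPLE = (r"<143>Jan 10 10:00:00 cppm.example.test CEF:0|ExampleVendor|ExampleNAC|0.0|1001|"
          r"Audit \| Modify|2|src=192.0.2.10 msg=Policy changed by admin note=a\=b c")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` from `parse_cef` on captured traffic usually means the filter is exporting in a different event format or the message was truncated in transit.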

 


Seceon Inc. All rights reserved. https://www.seceon.com