Device Integration: Aruba ClearPass
Overview:
This document describes the steps to integrate Aruba ClearPass with Seceon SIEM so that its logs are ingested and you have better visibility of threats in your environment.
Steps of Configuration
To add a syslog export filter, log in to Aruba ClearPass with admin access.
a) Navigate to Administration > External Servers > Syslog Export Filters.
b) From the Syslog Export Filters page, click Add.
The Add Syslog Filters page opens to the General tab.
Figure 1 Add Syslog Export Filters Page > General Tab
Name: Enter the name of the syslog export filter.
Description: Enter the description that provides additional information about the syslog export filter (recommended).
Export Template: Audit Records
Export Event Format Type “CEF”: Select this event format type to send the event types in Common Event Format (CEF).
Syslog Servers: Syslog servers define the receivers of syslog messages sent by servers in the ClearPass cluster.
To add a ClearPass syslog server, select it from the Select to Add drop-down list.
To add a new ClearPass syslog server, click the Add New Syslog Target link (for more information, see Adding a Syslog Target).
To view details about a syslog server, select the syslog server, then click View Details.
To change details about a syslog server, select the syslog server, then click Modify. For more information, see Adding a Syslog Target.
To remove a syslog server (from receiving syslog messages), select the syslog server, then click Remove.
ClearPass Servers:
You can designate syslog messages to be sent from exactly one server in the ClearPass cluster or from all of them.
To add a ClearPass server, select it from the Select to Add drop-down list.
To remove the ClearPass server, select the ClearPass server, then click Remove.
NOTE: When no servers are listed, syslog messages are sent from all servers in the cluster.
Done!
Verification:
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
STEP 2: Open LOGS AND FLOWS COLLECTION STATUS.
STEP 3: Under SOURCE DEVICE IP, the device IP will be listed.
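To confirm that what arrives from ClearPass is well-formed CEF, as selected under Export Event Format Type, a line captured on the receiving side can be parsed as in the following added example (not Seceon or Aruba code). The function names are hypothetical and the sample line is constructed with placeholder values.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "event_class_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")   # start of a key=value pair
_UNESC = re.compile(r"\\([\\=nr])")                  # CEF extension escapes

# Constructed sample: vendor, product, IDs and addresses are placeholders,
# not values copied from a real ClearPass export.
SAMPLE = (r"<134>Jan  1 00:00:00 cppm.example.test CEF:0|ExampleVendor|ExampleNAC|"
          r"1.0|1001|Config \| Audit|5|src=192.0.2.10 msg=policy changed: a\=b cat=Audit")

def _split_header(s, n):
    """Split the first n pipe-delimited fields, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(s) and len(parts) < n:
        if s[i] == "\\" and s[i + 1:i + 2] in ("\\", "|"):
            cur.append(s[i + 1]); i += 2   # escaped pipe or backslash
            continue
        if s[i] == "|":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    if len(parts) < n:                     # header ended without a trailing pipe
        parts.append("".join(cur))
    return parts, s[i:]

def _parse_extension(ext):
    """Values may contain spaces, so a value runs until the next ' key='."""
    pairs, matches = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        pairs[m.group(1)] = _UNESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return pairs

def parse_cef(line):
    """Return the CEF header fields and extension pairs of one syslog line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found; is the export format set to CEF?")
    parts, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header: %d of 7 fields" % len(parts))
    event = dict(zip(HEADER_FIELDS, parts))
    event["extension"] = _parse_extension(ext.strip())
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A ValueError on every captured line indicates the filter is exporting in a format other than CEF or the messages are being truncated in transit.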
Seceon Inc. All rights reserved. https://www.seceon.com