Posts published in “SIEM”

Gartner Magic Quadrant for SIEM Products (2016, 2015, 2014, 2013, 2012, 2011, 2010)

Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze security event data and network flow data in real time for internal and external threat management. They collect, store, analyze and report on log data for incident response, forensics and regulatory compliance. Vendors in this space are continually improving threat intelligence and security analytics. Companies are looking to adopt this…

Configure Netflow on network devices for PRTG Netflow Monitoring

NetFlow is a feature first introduced in Cisco routers and switches; the flow concept has since been widely adopted by other network product vendors. Basically, network devices that support an xFlow feature can collect IP traffic statistics on the interfaces where xFlow is enabled and export those statistics as xFlow records to a remotely defined xFlow collector. PRTG can use this NetFlow feature for detailed bandwidth usage monitoring, and it also shows you: where your bandwidth is used, who is using…

Using PRTG SNMPv3 Monitoring for Juniper SRX 240H Alarm and Temperature

One of our SRX240H devices has a temperature problem. Whenever the temperature reaches 50 degrees Celsius, the system alarm turns on. An alarm email should be sent out when the temperature reaches the 50-degree threshold. The SRX itself does not seem able to send alarm emails, based on this discussion. NSM or other SNMP tools may help in this situation. PRTG is used to monitor our network devices and it works great with SNMPv3. My previous post described how to monitor the SRX’s CPU, Memory,…

Archive Juniper STRM (IBM Qradar) Logs to remote server

Our Juniper STRM is running out of space after receiving more and more logs from the Check Point management server and Juniper NSM. Since my STRM 500 only has about 400 GB of storage and there is no way to get budget to upgrade it to a more expensive model, I decided to manually archive some older data off this box. The steps are quite straightforward: just find the log folders, tar them, move them to a remote…

Installation Steps of LOG Storm Free Virtual SIEM Appliance

I was reading the Top 47 Log Management Tools from ProfitBricks’ blog. While quickly scanning the key features and cost, I decided to give LOG Storm a try. This post records the steps for installation and basic configuration of this product. Key features: in-depth threat analysis; flexible deployment options; intuitive graphical user interface; incident response, forensics, and discovery; built-in support for 1,000+ devices; simple device integration tool; reporting packs for major regulatory compliance standards; master console for centralized log management…

Forwarding Checkpoint Management Server Firewall logs to an external syslog server STRM/Qradar SIEM

There are two ways to integrate STRM with Check Point firewall devices. 1. Using Syslog: on the Check Point management station, you can follow these steps to redirect firewall logs and audit logs to the external syslog server: a) Run vi /etc/syslog.conf on the management station and add the following line at the end of the file: local5.info @hostname, for example: local5.info @10.94.20.23, where ‘10.94.20.23’ is the IP of the syslog server (Juniper STRM). b) if…

Forward Logs from Checkpoint SmartCenter Management Server and Juniper NSM / IDP to Syslog Server

Two KBs regarding how to collect logs from Check Point and Juniper: 1. Configuring SmartCenter to send logs to a syslog server (Solution ID: sk33423). Proceed as follows: a. On the SmartCenter server, edit the /etc/syslog.conf file and add the following line: local4.info <TAB> @IP_OF_REMOTE_BOX b. Add the following line to the end of the /etc/rc.d/init.d/cpboot file, to be executed on boot up: fw log -ftnl 2> /dev/null | awk 'NF' | logger -p local4.info -t Firewall & Notes: The ‘&’ in the…