[This content is now available OOTB from RSA Live]
The comments below have the links to locate information about the content.
Based on some documents and blog posts that I ran across, these charts and rules were created to alert on and display security-relevant events from RSA SecurID / Authentication Manager 8.2+. The reporting and charting is not intended to replace the built-in logging for user events; it is meant as an early warning system to detect potentially critical security events that the SOC should be aware of.
As always, test and post comments with suggestions or improvements.
1 Dashboard
8 charts
16 rules
1 list
All import under the same folder structure
RE > Log > SecurID
RSAACESRV parser is required to be installed and enabled on log decoders
Syslog log transfer was what was configured in my testing environment
Changes to the OOTB index will be required to index the result metakey.
Included are the table-map-custom and index-concentrator-custom changes that will be required.
Has not been tested with 7.x or earlier versions of 8.x (8.0/8.1).