2013-11-25 02:03 AM
Hi All,
Can someone please share the list of all the devices that RSA Security Analytics supports for log integration?
I have been told that there are some issues integrating Cisco ASA 8.4 with Security Analytics. Please validate.
Regards
Shubham
2013-11-28 10:33 AM
Hello,
Cisco ASA 8.4 and 8.43 are natively supported devices.
I've seen this integration running fine.
Regards,
Luz
2013-12-15 07:58 AM
Hi Marcelo,
Thanks for the reply.
Do we have a list of all the devices that are compatible with RSA SA, just like we have for RSA enVision?
Regards
Shubham
2013-12-16 02:41 PM
Hey Shubham,
Though this is not confirmed by RSA, I would say almost all the devices that enVision had will be supported. The best place to look would be on the appliance itself. If you ssh to the logdecoder and then run $ ls /etc/netwitness/ng/envision/etc/devices/, this will give you the list of parsers currently in SA. From our experience they are still having issues with some devices using the file reader or sftp. We currently run a Bluecoat and we can get system logs via syslog to our system, but we have to zconnect the weblogs over.
Hope this helps!
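The directory listing described above is a one-off check by eye. As an added example (not from this thread or from RSA), the script below turns it into a repeatable comparison: it lists the parser names found in the devices directory and reports which of your required log sources have no parser. It assumes the path given in the reply (/etc/netwitness/ng/envision/etc/devices/) and that each parser entry is named after the device type in the lowercase style seen in SA (ciscoasa, vmware_vshield); names are normalised before comparison so that a configuration-guide style name such as Cisco_ASA matches the parser ciscoasa.

```shell
#!/bin/sh
# Added example: compare the parsers present on a Log Decoder against the
# list of devices you need to collect from. Not RSA's own tooling.
# Assumption: parsers live as entries under this directory (path from the thread).
DEVICES_DIR="${DEVICES_DIR:-/etc/netwitness/ng/envision/etc/devices}"

# Normalise a device name to the spelling style of the parser names:
# lowercase, with spaces, hyphens and underscores removed, so that
# "Cisco_ASA" and "ciscoasa" compare equal.
normalize() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d ' _-'
}

# Print the parsers found in a devices directory, one normalised name per line.
# An empty or missing directory yields no output rather than an error.
list_parsers() {
    dir="$1"
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        normalize "$(basename "$entry")"
    done | sort -u
}

# missing_parsers DIR NAME...: print each required device name that has no
# matching parser in DIR. Exit status 1 if anything is missing, 0 otherwise.
missing_parsers() {
    dir="$1"; shift
    present=$(list_parsers "$dir")
    rc=0
    for want in "$@"; do
        norm=$(normalize "$want")
        # -x: whole-line match, -F: treat the name literally, not as a regex
        if ! printf '%s\n' "$present" | grep -qxF "$norm"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Usage on the appliance: sh check_parsers.sh Cisco_ASA Debian_Linux RSA_Archer
# Prints the names with no parser; exits non-zero if any are missing.
if [ "$#" -gt 0 ]; then
    missing_parsers "$DEVICES_DIR" "$@"
fi
```

A name reported as missing does not prove the device is unsupported: the parser may simply be spelled differently (for example a vendor prefix that the configuration guide omits), so treat the output as a shortlist to verify against the SCOL guides, and remember that a present parser says nothing about which product versions it handles.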
2013-12-18 12:45 PM
You need to be careful about "supported" devices. Most any device is able to be configured as long as it logs, but what seems to be the case is there are issues with versions. For instance, Oracle OIM may be "supported" in version 10, but if you're not running that version, the parser needs to be tweaked to configure the device properly. Also, the enVision documentation usually doesn't work 100% when configuring a device to feed into RSA, so you may need to contact support if you can't get the device to feed properly. The lack of documentation is what is going to slow you up.
2014-01-23 12:49 PM
Hi Sean,
Thanks for your reply.
The problem is we still do not have Security Analytics in our environment and are in the final stages of procurement.
Is it possible for you to extract this information from your running environment and share it with me?
I just need the list of devices, along with their versions, that are currently supported with RSA Security Analytics 10.3 SP1.
Regards
Shubham Arora
2014-01-23 12:59 PM
Below is the list. For versions you would need to go into each PDF document on the SCOL. From what I have seen, all our devices are natively supported (any patch level) if RSA supports them. It should also be noted that a lot of vendors realize logging happens now, so changing log formats does not seem to happen as much.
actiancevantage
actividentity
airdefense
airmagnet
aix
alcatelomniswitch
apache
apachetomcat
appsecdbprotect
arubaairwave
arubacppm
arubanetworks
astarosg
avectopg
avocentkvm
barracudasf
barracudawaf
beewarewaf
bigfix
bigip
bigipapm
bigipasm
bit9
blackberryes
bluecoatdirector
bluecoatproxyav
bmcremedyitsm
brocadeswitch
cacheflowelff
caitm
casiteminder
celerra
checkpointfw1
ciscoace
ciscoacsxp
ciscoasa
ciscoidsxml
ciscoiportesa
ciscoiportwsa
ciscolms
ciscomars
ciscomse
cisconac
cisconcm
cisconxos
ciscopix
ciscorouter
ciscosecagent
ciscosecureacs
ciscoucs
ciscowcs
ciscoworks
citrixag
citrixns
citrixxa
clariion
courionpc
cyberark
cyberguardclassic
damballa
delldrac
dellswitch
detectit
dragonids
eeyeblink
eeyerem
eeyeretina
emcavamar
emcdatadomain
emcdocumentum
emcdpa
emcionixuim
emcisilon
emcnetworker
emcvplex
enterasysswitch
entercept
enterpriseitsfne
epolicy
esrs
fabricos
fairwarningpm
fireeyewebmps
firepass
forescoutcounteract
forticlientendpoint
fortinet
fortinetfortimail
fortinetmgr
fsecureav
gecea
gepacs
git
greenplum
greenplumhd
gseftserver
guardium
hpnonstopserver
hpprocurvesw
hpux
huaweivrp
hytrust
ibmacf2
ibmdb2
ibmicsf
ibmidms
ibmims
ibmmainframeipsec
ibmmfzossyslog
ibmracf
ibmtamesso
ibmtamws
ibmtim
ibmwebsphere
ibmwebspheredp
ibmwebspheremq
impervawaf
infobloxnios
intrushield
invincea
ironmail
iseries
iss
j4carehcc
jboss
juniperic
junipersbr
junipervpn
juniperwlc
junosrouter
kasperskyav
kvm
landesk
linux_snare
lotusdomino
lumensionemss
manageenginenetflow
mazuprofiler
mcafeedlp
mcafeeds
mcafeeendpoint
mcafeefoundscan
mcafeeic
mcafeenac
mcafeepa
mcafeereconnex
mcafeevirusscan
mcafeewg
mckessonhpf
microdasys_xsg
microsoftiis
mom
msacs
msdhcp
msexchange
msforefrontcs
msfuag
msisa
msnap
mssccm
mssharepoint
mssql
mswsus
mysql
ncircleccm
nessusvs
netapp
netasqutm
netscreen
netwitness
netwitnessspectrum
nexpose
nfdump
nfrnids
nokiaipso
nortelvpn
novelledirectory
nsm
openvms
oracle
oracleav
oracledv
oracleid
oracleim
oracleiplanetweb
oracleweblogic
paloaltonetworks
perforce
postgresql
proofpoint
radwaredp
rhlinux
riverbedsteelhead
rsaaah
rsaaaop
rsaaccessmanager
rsaacesrv
rsaarcher
rsaaveksa
rsacm
rsadlp
rsaecat
rsafim
rsakeymanager
rsavlr
safendprotector
sap
secudesi
sidewinder
silverpeakwan
silvertailforensics
snort
solaris
solarisbsm
sonicwallemail
sonicwallgms
sophos
squid
stealthwatch
sunoneldap
sybasease
symantecav
symantecbrightmail
symanteccsp
symantecdlp
symantecintruder
symmetrix
teradata
tippingpoint
trendmicro
trendmicrods
trendmicrodsa
trendmicroimss
trendmicroiwss
trendmicroossec
trendmicroscanmail
trendmicrosp
tripwire
tufinsecuretrack
varonisprobe
vmware_esx_esxi
vmware_vc
vmware_vcloud
vmware_view
vmware_vshield
voltagesecuredata
voyence
vssmonitoring
websense
whatsupgold
winevent_er
winevent_nic
winevent_snare
zenprisemdm
2014-01-24 08:24 AM
Wish they updated the full list on sadocs.emc.com.
2014-02-05 08:11 AM
Hi Sean,
Thanks for the reply. Below is the list of devices for which configuration guides are present at SCOL.
ArborNetworks_PeakFlowSP5
Aventail_SSLVPN
CheckPoint_SPLATOS
Cisco_ASA
Cisco_ASA_SSM
Cisco_FirewallSM
Cisco_IOS
Cisco_WLAN
Debian_Linux
HP_TippingPoint
HP_Unix
IBM_AIX
Juniper_NetscreenFirewall
Juniper_NetScreenOS
McAfee_EndpointEncryption
Microsoft_ACS
Microsoft_EndpointProtection
Microsoft_Exchange
Microsoft_WindowsSNARE
Microsoft_WSUS
MicrosoftWindowsEventing
MySQL_Enterprise
NetApp_DataONTAP
Novell_Linux
RedHat_Linux
RSA_Archer
RSA_DataProtectionManager
RSA_DLP
RSASecurityAnalytics_v10.3_Legacy_Windows_Collection_Installation_Instructions
Sun_Solaris
Tripwire_Enterprise
VMware_vCloudDirector
VMWare_View
VMware_vShield
It has also been mentioned that for other devices a support request needs to be raised.
Does this mean that only these devices are supported?
Regards
Shubham