
RSA enVision

Supported Event Sources

A

Vendor

Actividentity Airmagnet Apache Apple

Vendor

version r8

Device

Collection Method

Check Point LEA API

Device

4TRESS AAA Server - version 6.4.1 AirMagnet Enterprise - version 7.5.0 HTTP Server - versions 2.1, 2.2 Mac OS X

Collection Method

ODBC

Check Point

Provider-1 - version 4.1 Firewall-1/VPN-1/SmartDefense versions R54 - R65

CipherTrust Syslog Cisco Log File FTP Syslog Syslog Syslog Syslog Cisco

CipherTrust IronMail - version 5.5 SNMP Access Control Server - versions Log File FTP 3.3, 4.0, 4.2 (software only) Access Control Server - versions 4.0, 4.1, 4.2 (appliance) Cisco Adaptive Security Appliance Syslog Software - versions 8.2, 7.1(2), 7.2 (to generate syslog events) Cisco ASA Security Services Module Software - version 5.1(1p1) (to generate IDS events)

Arbor Networks Peakflow SP5 - version 5.0 Arbor Networks Peakflow X - version 4.1 Aruba Networks Aruba Networks Mobility Controller version ArubaOS 2.5.4.0 Aventail Avocent Aventail SSL VPN - version 8.8 Avocent IP KVM - version Dell PowerEdge 2161DS-2

Log File FTP SNMP parser trap handler Cisco

Aironet AP (Wireless Access Point) - version IOS 12.2 Catalyst Switch 6500 CATOS version 8.3 (alerting only) CiscoWorks Common Services versions 2.3, 3.0

Syslog

Cisco

Syslog

B

Vendor Device Collection Method

Cisco

Generic Filereader, Syslog Filereader Log File FTP, Syslog Syslog

Cisco

Content Engine - versions 5.0, 5.4 Content Services Switch versions 5.10, 8.10

Barracuda Networks Spam Firewall - version 3.4 & 3.5 Syslog Blue Coat Systems Blue Coat Systems CacheOS (CacheFlow Appliance) Log File FTP ProxySG SGOS (Security Gateway Log File FTP Appliance) - versions 4.1, 4.2, 5.1, 5.2, 5.4, 5.4.2

Cisco

Cisco

IronPort Email Security Appliance Log File FTP - version 5.7.0 IronPort Web Security Appliance- Log File FTP version 5.7.0 Mobility Services Engine version 5.2.91.0 PIX Firewall - version 8.2, 7.0 Router - version IOS, 12.4 Secure IDS - versions 4.x, 5.0, Syslog

Cisco

C

Vendor

CA

Cisco

Device

Integrated Threat Management -

Collection Method

SNMP

Cisco Cisco Cisco

Syslog Syslog SDEE,

Event Source Update

© 2009 RSA Security Inc. All rights reserved

Page 1 of 5

Vendor

Device

5.1, 6.0, 6.1, 6.2, 7.0

Collection Method

RDEP (prior to enVision 4.0)

F

Vendor

F5 F5

Device

BigIP - version 9.4

Cisco Cisco

Security Agent - versions 4.0, 5.1 SNMP VPN 3000 Concentrator versions 3.6.7 , 4.0, 4.1, 4.7 Wireless LAN Controller (WLC) version 5.2.157.0 Syslog

Collection Method

Syslog

F5 Firepass - version 5.5-20051019 Syslog FortiGate Antivirus Firewall, running Syslog FortiOS - version 2.8, 3.0 Syslog Syslog

Cisco

Syslog

Fortinet

Crossbeam Systems C-Series - versions 4.X, 5.X, 6.X Syslog CyberGuard Firewall TSP Family Series version 6.4.1 Syslog

Foundry Networks Switch - version 07 FreeBSD FreeBSD - version 5.4

CyberGuard

Cyberguard Classic - version 5.2 Syslog P4

G

Vendor Device Collection Method

D

Vendor

Debian Dell Dell

Device

Debian GNU/Linux 3.1 & 4.0 DRAC (Dell Remote Access Controller) version 6.0 PowerConnect 5324 Switch - version 1.0.0.47

Collection Method

Syslog SNMP Syslog

Guardium SQL Guard Syslog

H

Vendor

HP HP HP

Device

Collection Method

E

Vendor

EMC

ProCurve Switch series 2600/2800/5300 Syslog Open VMS - all versions UX - version 11.X, C2 v 11.X Log file FTP Syslog

Device

Collection Method

Celerra - version 5.5 SNMP (branded as: EMC Control Station, Blades, DataMover) Clariion - version Navisphere 6.28 SNMP Fabric OS - version 6.1, 6.2 Symmetrix Solutions Enabler version 6.4 Syslog

I

Vendor

IBM

EMC EMC EMC

Device

AIX 5L (Security and Authentication messages only) iSeries (AS400 V5R2 and above) Additional files: ftpscript, auditpgm

Collection Method

Syslog, Syslog NG Log File FTP

Syslog, NIC Windows Service SNMP SNMP Syslog

IBM

EMC

Voyence - version 4.0.1

Enterasys Networks Dragon - version 5.x, 6.x, 7.2 Extreme Networks ExtremeWare Switch - version 6.2, 7.2, 7.7

IBM (Lotus) Lotus Domino IBM IBM Mainframe ACF2 ZOS - version 1.4

SNMP Log File FTP

Mainframe DB2 UDB - versions 7, 8/ ZOS Log File FTP v1.4 Mainframe IDMS - versions (all) Log File FTP

IBM


Vendor

IBM IBM

Device

Mainframe IMS - versions (all)

Collection Method

Log File FTP

M

Vendor Device Collection Method

Mainframe SMA_RT OS390/ZOS - version Syslog 2.0.6 Mainframe RACF ZOS - version 1.4 Log File FTP

IBM IBM

Mazu Networks Mazu Profiler - versions 5.5.2, 6.0, 7.0 SNMP McAfee ePolicy Orchestrator - versions 3.5, 3.6 and 4.x Foundscan Professional/Enterprise versions 5.0, 6.5.1 ODBC

ISS Product suite: Proventia Appliance, ODBC SiteProtector, Internet Scanner, RealSecure - Site Protector v2.0 SP6.1, SP7.0, SP8.0 Mainframe Top Secret ZOX - version 1.4 IBM Websphere - version 6.0.0.1/Microsoft Windows 2003 SecureSphere Web Application Firewall NetStructure VPN - version 6.9 Log File FTP Filereader ODBC Syslog

McAfee

ODBC

IBM IBM

McAfee

Host Intrusion Prevention (also branded ODBC as Entercept): · version 6.0.1 supported on McAfee ePolicy Orchestrator version 3.6 version 7.0 supported on McAfee ePolicy Orchestrator version 4.0

Imperva Intel

·

J

McAfee McAfee Intrushield - versions 2.1, 3.1, 4.1 VirusScan Enterprise - version 8.0i Syslog Windows Event Logs Log File SFTP

Vendor

Device

Collection Method

Microsoft

Juniper Networks DX Application Accelerator - version Syslog 5.1.5 Juniper Networks IDP - versions 3.0, 3.1, 3.2, 4.0, 4.1 Syslog Juniper Networks Infranet Controller 4500 - version 2.2 Syslog Juniper Networks JUNOS Router - version 6.1 Juniper Networks NetScreen Firewall Screen OS versions 5.1, 5.3, 5.4, 6.0 Juniper Networks NetScreen-Security Manager versions 2004, 2006, 2007 Juniper Networks SSL VPN - versions 5.4, 5.5, 6.0 Juniper Networks Steel-Belted Radius - version 5.4 Syslog Syslog Microsoft Microsoft

DHCP Server, Windows 2000, Windows 2003, Windows 2008 SFTP Configuration, Windows 2000 SFTP Configuration, Windows 2003

Exchange Server - versions 2003 and Log File FTP 2007 and Windows Event Logs Forefront version Beta File Reader, SFTP Agent

Syslog

Microsoft

Internet Authentication Service version Log File FTP 2003 and Windows Event Logs IIS (Internet Information Services) versions 5.x, 6.x, 7.x ISA Server - versions 2000, 2004, 2006 Log File FTP

Syslog Microsoft Log File FTP Microsoft

Log File FTP and Windows Event Logs Agentless Windows

Microsoft

L

Vendor

Lancope

Microsoft Operations Manager version 2005 - SP1 (Windows 2003 R2) SQL Server - version 2000, 2005

Device

Collection Method

Microsoft

StealthWatch - versions 5.x Syslog (StealthWatch Xe for NetFlow, StealthWatch Xe for sFlow, StealthWatch NC)

ODBC and Log File FTP and Windows Event Logs Microsoft Event Logging API

Microsoft

Windows (agentless)

Microsoft

Windows (via third party collection Syslog via agent) - Adiscon Event Reporter & DNS Agent


Vendor

Server

Device

Collection Method

Syslog via Agent Syslog via Agent

R

Vendor

Red Hat

Microsoft

Microsoft

Windows (via third party collection agent) - InterSect-Alliance BackLog Windows (via third party collection agent) - InterSect Alliance SNARE

Device

Red Hat Enterprise Linux 3, 4 & 5

Collection Method

Syslog Log File SFTP Syslog

Motorola

AirDefense Enterprise Server - version Syslog 7.2, 7.3

RSA Security Access Manager - version 6.0 on Solaris, Windows, and Linux RSA Security Adaptive Authentication (OnPrem) version 7.3 RSA Security Authentication Manager- versions 5.2, 6.0, 6.1, 7.1

N

Vendor

NetContinuum

Log File FTP Syslog Syslog

Device

NetContinuum Web Application Firewall - version NC OS 5.x

Collection Method

Syslog

RSA Security Data Loss Prevention - version 7.0.0 RSA Security Key Manager - version 2.1.3

Network Appliance Data ONTAP - version 6.x

Syslog

S

Vendor Device

R3 Enterprise - version 4.7

Network Appliance NetCache - version 5.5R3, 5.6.2R1, Log File FTP 6.03, 6.1 NFR Nokia NIDS - version 3.x, 4.x, 5.x IP Series version 3.5 and earlier, 3.6, and 3.8 Syslog Syslog, SNMP SAP

Collection Method

File Reader

Nortel Nortel Nortel

Alteon Switch Firewall - version 8.x Syslog Contivity VPN Switch Passport 8600 Routing Switch version 3.7.5.2 (rebranded to Ethernet Routing Switch 8600) Syslog Syslog

Secure Computing Sidewinder G2 Security Appliance - Syslog versions 6.1.1.x, 6.1.2.x, 7.0.0.x Solsoft SonicWALL Sophos Sun NP - version 5.2.4 Firewall (alerting only) Enterprise Console - version 3.0 Solaris - versions 2.8, 2.9, 2.10 Syslog Syslog SNMP Syslog

Novell Novell

eDirectory - version 8.8 SuSE Linux - version 9, 10, 10.2

SNMP Syslog

Sun

Solaris Basic Security Module (BSM) Log File FTP - versions 8, 9, 10, 11 Sourcefire - versions 4.6 and 4.8 Syslog

Sourcefire

O

Vendor Device Collection Method

Log File SFTP Syslog

Sybase

Sybase Adaptive Server Enterprise - ODBC version 15 AntiVirus Corporate Edition SNMP versions 9.0, 10.0, 10.1, 10.2, and 11 Enterprise Firewall - versions 6.x, SNMP 7.x, 8.x Intruder Alert - version 3.6 Network Security - version 4.0 SNMP Syslog

Symantec

Open Source NFDump - netflow v5, v7, and v9

Symantec

Open Source SNORT - version 2.8 (signature level 1.41.2.14) See: SNORT Alternative Branding Oracle Oracle - versions 8i, 9i, 10g, 11g

Symantec Symantec ODBC Log File FTP


T

Vendor Device Collection Method

Syslog Syslog Syslog

Vendor

VMware

Device

Collection Method

TippingPoint SMS - versions 2.1, 2.5, 2.6, 2.7, 3.0 Top Layer Top Layer Attack Mitigator - version 2.1 Secure Edge Controller - version 2.01

VMware VirtualCenter server- versions 2.0.2 Syslog and 2.5 VMWare ESX - versions 3.0.3 and 3.5 VMWare ESXi - version 3.5 VMware Embedded ESXi - version 3.5

W

Vendor Device Collection Method

Trend Micro OfficeScan Corporate Edition - version 7.0 SNMP Control Manager - version 3.5 Trend Micro ScanMail- ScanMail 8.0 Service Pack 1 for SNMP Microsoft Exchange 2000/2003/2007 Tripwire Tripwire Enterprise - versions 5.4, 5.5, 7.5 Log File FTP

WebSense Web Security Suite - versions 5.5, 6.3, 7.0 SNMP

V

This is an indicative list created on October 1st 2009. Contact RSA support to find the latest status and details of the integration.
