Support for StoneGate Firewall Logs
Tenable Log Correlation Engine customers who have Stonegate firewalls within their environment can now make use of a new normalization library. The new PRM parses logs obtained from the Stonesoft product. The new PRM is available here.
If you have Stonegate firewalls within your network, download this new library and place it in the /usr/thunder/daemons/plugins directory and then restart the thunderd process. Also, if you are using the Never Before Seen TASL script, you should also update your PRM_mappings.prm file, which contains the event IDs for the new Stonegate logs.
The current list of supported network and host based firewall logs includes:
- Checkpoint
- Cisco ASA
- Cisco PIX
- CyberGuard (Secure Computing)
- Gauntlet
- Juniper
- Astaro
- Arkoon
- Fortinet
- ipchains
- Iptables
- Ipfilter
- Kerio
- NetGear
- OpenBSD's pf
- SideWinder (Secure Computing)
- SonicWall
- Stonegate
- PortSentry
- Sygate
- Symantec
- Windows XP
- ZoneAlarm
Related Articles
How To Assess the Cybersecurity Preparedness of IT Service Providers and MSPs
December 13, 2022Improperly evaluating the cybersecurity capabilities of prospective IT service providers and managed service providers (MSPs) can put your organization's data and systems at risk. A new guide from CompTIA can help you ask the right questions.
A Holiday Story, Internet Edition: The Impact Of Assessing And Addressing Log4j Installations Proactively
December 30, 2021A look at our log4j data.
Apache Log4j Flaw Puts Third-Party Software in the Spotlight
December 12, 2021Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
Volt Typhoon: What State and Local Government Officials Need to Know
November 19, 2024Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.
- Log Analysis