Airlock
The Airlock application normalizes Airlock events and enables you to analyze Airlock data. You can further customize the searches and dashboard to perform in-depth analysis.
Package Details
The application consists of the following components:
- Dashboard Package
  - LP_Airlock WAF
- Normalization Packages
  - LP_Airlock WAF
  - LP_Airlock WAF Generic
  - LP_Airlock WAF Process
- Label Package
  - LP_Airlock WAF
Enhancement
The application’s normalizer has received a minor update for better signature handling.
Installation
Follow these steps to install the Airlock v5.0.0 plugin:
- Download the Airlock package from the Download section above.
- Add the required Airlock as a device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Supported Version
The supported version of Airlock with LogPoint in this configuration is:
- Airlock WAF v6.0
Log Format
Expected Log Format
Airlock WAF
Log Sample
Feb 1 09:17:16 airlock System: Feb 1 09:17:16 @Kxxxx---4xx--- Security sshd[xxxxx]: [authxxxx.info] Accepted password for xxxxx from xxx.xxx.x.xx port 1234 ssh2
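The following parser is an added example, not LogPoint's normalizer or code from this page. It shows how the fields in the log sample above can be split out and how the embedded sshd message yields the user and source address of an SSH login to the appliance. The envelope layout is inferred from that single sample line, the field names are hypothetical, and the sample values are constructed.

```python
import re

# Constructed sample: same layout as the masked log sample on this page,
# with placeholder values (documentation IP range, made-up user and ids).
SAMPLE = ("Feb 1 09:17:16 airlock System: Feb 1 09:17:16 @K0001---4aa--- "
          "Security sshd[4242]: [authpriv.info] Accepted password for alice "
          "from 192.0.2.10 port 1234 ssh2")

TS = r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
# Assumption: envelope layout inferred from the one sample line on the page.
# Group names are hypothetical, not LogPoint's normalized field names.
ENVELOPE = re.compile(
    rf"^(?P<syslog_ts>{TS}) (?P<host>\S+) (?P<source>\S+): "
    rf"(?P<event_ts>{TS}) (?P<token>@\S+) (?P<category>\S+) "
    rf"(?P<process>[\w.-]+)\[(?P<pid>[^\]]+)\]: "
    rf"\[(?P<facility>[^.\]]+)\.(?P<severity>[^\]]+)\] (?P<message>.*)$"
)
# OpenSSH authentication result message carried in the payload.
SSH_AUTH = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) "
    r"port (?P<src_port>\d+)(?: (?P<protocol>\S+))?"
)


def parse_airlock_line(line):
    """Return a dict of fields, or None if the line does not fit the envelope."""
    m = ENVELOPE.match(line.strip())
    if m is None:
        return None  # keep unparsed lines visible upstream instead of guessing
    event = m.groupdict()
    auth = SSH_AUTH.match(event["message"])
    if event["process"] == "sshd" and auth:
        event.update(auth.groupdict())
        event["src_port"] = int(event["src_port"])
        # "action" is a hypothetical label for searching on login outcome.
        event["action"] = ("login_success" if auth["result"] == "Accepted"
                           else "login_failure")
    return event


if __name__ == "__main__":
    for key, value in parse_airlock_line(SAMPLE).items():
        print(f"{key}: {value}")
```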
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100