RSA SecurID

 

Release Details

Package Details

The application consist of the following components:

1. Dashboard Packages
   
   • LP_RSA SecurID Admin and System 
   • LP_RSA Authentication Failure Events 
   • LP_RSA SecurID Runtime 
2. Alert Packages
   
   • LP_RSA SecurID Authentication Fail 
   • LP_RSA SecurID NextTokenCode Activation
   • LP_RSA SecurID Account Lockout 
   • LP_RSA SecurID Passcode Reuse 
3. Normalization Package
   • LP_RSA SecurID 
4. Label Package
   • LP_RSA SecurID 

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

General Description

The RSA SecurID application normalizes RSA SecurID events and enables you to analyze RSA SecurID data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

Installation 

Follow these steps to install the RSA SecurID v5.0.0 plugin:

1. Download the RSA SecurID package from the Download section above.
2. Add the required RSA Authentication Manager server as a device in LogPoint.
3. Create a collection policy with the Syslog collector and appropriate processing policy. 
4. Assign the policy to the device.
5. Add the dashboard.

Supported Version

The supported versions of RSA SecurID with LogPoint in this configuration are:

• RSA SecurID Appliance 130
• RSA SecurID Appliance 250

Log Format

Expected Log Format

RSA Runtime Format

Log Sample

6<14>2015-10-28 10:56:48,701, , audit.abc.com.rsa.ims.authn.impl.AuthenticationBrokerImpl, INFO, d4b742f06908a8cxxxxxxxxxxxx,xxxxxxxxxxxa8c008dce51d948e2f01,1.1.1.1,1.1.1.2,AUTHN_LOGIN_EVENT,13002,SUCCESS,AUTHN_METHOD_SUCCESS,428bfc456908a8c01f84d58b185b9c67-I55ViWb+ys8h,08930b6e6908a8c0032fe23b3e6826da,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,BL,xxxxxxxxxx,xxxxxxxxxxxx,2c4a02996908a8c00293377dc18e4ba6,000000000000000000001000e0011000,2.2.2.2,BE-JPR-SA-1-OSS,7,000000000000000000002000f1022001,OnDemand,,,AUTHN_LOGIN_EVENT,5,1,,,,,069c21666908a8c01f4bc9f56a32f1e2,+32 498511036,,

Expected Log Format

RSA Admin

Log Sample

<14>2015-10-28 09:26:11,275, , audit.abc.com.rsa.ims.admin.impl.PrincipalAdministrationImpl, INFO, d4e793186908a8c01f74a2xxxxxxxxx,xxxxxxx6908a8c008dce51d948e2f01,1.2.2.2,1.3.3.3,UPDATE_PRINCIPAL,10055,SUCCESS,,3ebdba626908a8c01f2411219645f6e4-5MjikYi9ovWi,,a69439dc6908a8c0041703aeb0ce744b,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,JNJ,Jaxxxxxxxx,Jaxxxxxxx,PRINCIPAL,02accb106908a8c01f7b0d53c9934088,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,EBERG,,,,,,

Expected Log Format

RSA System

Log Sample

<12>2015-10-02 00:00:05,855, , system.com.rsa.ims.criticalnotification.impl.CriticalNotificationAdministrationImpl, WARN, b58e80050886500a1b1e0xxxxxxxx,xxxxxxxxxx00a0801e36fa92fae56,,1.1.1.1,CRITICAL_NOTIFICATION,16350,WARN,,,,,,,,,"Your deployment is at risk. A backup has not been created successfully in the last 7 days. Log on to the Operations Console, and select ""Backup and Restore > Back Up Now"" or ""Backup and Restore > Schedule Backups"".",,,,,,

To export data to LogPoint use Syslog collector on port 514 on the LogPoint server.

Support

If you have any queries or require assistance, please feel free to contact our support team: 

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,