Trustwave
Trustwave normalizes Trustwave Secure Email Gateway (SEG) and Trustwave Secure Web Gateway (SWG) events and allows you to analyze Trustwave SEG and Trustwave SWG data.
Package Details
Trustwave components:
- Normalization Packages
  - LP_Trustwave SEG
  - LP_Trustwave SEG Generic
  - LP_Trustwave SWG
- Compiled Normalizer
  - TrustwaveSWGNormalizer
Enhancement
Description | Issue ID | Reference ID
---|---|---
Added a Syslog Collector-based Trustwave log source template, simplifying log source configuration. To learn more, go to Creating Log Source via a Template. | KB-22670 | -
Installation
To install Trustwave:
- Download the .pak file from the Download link above.
- Before importing, verify that the SHA256 of the downloaded file matches the value published with the release.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Past Releases
Trustwave v5.0.2
Supported On: Logpoint v6.7.0 and later
Download: Trustwave_5.0.2.pak
SHA256: c845a52874742ac914e5158b1eac0abf6a7780f94a5ae2fd1b23d09c66e1638d
Enhancement
Description | Issue ID | Zendesk Support ID
---|---|---
The labels Policy and Violation are added for the Policy Violation events in the TrustwaveSWG logs. | KB-10967 | 46922, 49708 |
Bug Fix
Description | Issue ID | Zendesk Support ID
---|---|---
An issue where the field action of the TrustwaveSWG logs was incorrectly normalized has now been resolved. | KB-10967 | 46922, 49708 |
Supported Version
- Trustwave SEG (previously known as MailMarshal SEG or MailMarshal SMTP)
Log Samples
Expected Log Source
Trustwave SEG
Log Sample
1972 12:55:36.765 RX: <MAIL FROM:< test@abc.com> SIZE=2376>
Expected Log Source
Trustwave SWG
Log Samples
<13>Dec 17 14:18:49 lp-01-logpoint.nepal Dec 17 14:18:49 lp-01-logpoint : 2018-12-17T14:18:47+0100 lp-01-logpoint.localdomain : Trustwave SWG Web Event - HTML Repair: ; Action: Block; Block reason: xxxx<br> <b>sdfsdfadfaf</b> <br>sdfasdfa dfafafa <b>EXE</b>.<br>Transaction ID xxxxxxxx. ; Cache Hit: ; Client IP: 1.1.1.1; Destination IP: ; NTLM User Name: ; File Name: sdf.exe; HTTP Method: GET ; HTTPS Policy Name: ; HTTPS Policy Rule Name: ; ICAP block reason: ; Identification Policy Name: ; Identification Rule Name: ; Master Policy Name: ; Master Policy Rule Name: ; Security Policy Name: xxxx_rule; Protocol: ICAP/HTTPS; Referer: ; Response Status: 200; Security Policy Rule Name: BlockBlacklistedFiles; Scanning Server IP: xxxxx; Site: xxxxx; Transaction ID: xxxxx; Transaction time: 12/17/2018 14:18:47; Transaction Size: 1130840; True Content Type: Packed Executables; URL: https://xxxxx/edgedl/release2/update2/LRsxN5n35Q8_1.3.33.17/GoogleUpdateSetup.exe?cms_redirect=yes&mip=192.168.1.12&mm=28&mn=sdfadfad&ms=nvh&mt=dsfdf&mv=u&pl=24 &shardbypass=yes; URL Category: ; Domain: ; User name: xxxxx; X-Ray: N
<13>Sep 7 08:03:46 xxxx Sep 7 08:03:46 xxxx : 2020-09-07T08:03:46+0200 xxx.xxx : Trustwave SWG System Event - Failed to download list of available updates: 'HTTP error code: 56'.
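To make the SWG format concrete, the following is an added example (not code from this article or from the LP_Trustwave SWG package) that parses the two SWG sample lines above: the doubled syslog header, the ISO 8601 timestamp and host, the event type, and for Web Events the "Key: Value;" payload whose values (Block reason, URL) may themselves contain colons and semicolons. It then maps a subset of keys to illustrative normalized names, attaches labels, and runs one detection over the result. The normalized field names, the criterion used for adding the Policy and Violation labels (a Web Event blocked under a security policy rule), and the detection are assumptions made for this example, not a description of what the Logpoint normalizer emits.

```python
import re
from datetime import datetime

# The two SWG sample lines from this article, embedded so the example runs offline.
SWG_WEB_EVENT = (
    "<13>Dec 17 14:18:49 lp-01-logpoint.nepal Dec 17 14:18:49 lp-01-logpoint : "
    "2018-12-17T14:18:47+0100 lp-01-logpoint.localdomain : Trustwave SWG Web Event - "
    "HTML Repair: ; Action: Block; Block reason: xxxx<br> <b>sdfsdfadfaf</b> <br>sdfasdfa dfafafa "
    "<b>EXE</b>.<br>Transaction ID xxxxxxxx. ; Cache Hit: ; Client IP: 1.1.1.1; Destination IP: ; "
    "NTLM User Name: ; File Name: sdf.exe; HTTP Method: GET ; HTTPS Policy Name: ; "
    "HTTPS Policy Rule Name: ; ICAP block reason: ; Identification Policy Name: ; "
    "Identification Rule Name: ; Master Policy Name: ; Master Policy Rule Name: ; "
    "Security Policy Name: xxxx_rule; Protocol: ICAP/HTTPS; Referer: ; Response Status: 200; "
    "Security Policy Rule Name: BlockBlacklistedFiles; Scanning Server IP: xxxxx; Site: xxxxx; "
    "Transaction ID: xxxxx; Transaction time: 12/17/2018 14:18:47; Transaction Size: 1130840; "
    "True Content Type: Packed Executables; URL: https://xxxxx/edgedl/release2/update2/"
    "LRsxN5n35Q8_1.3.33.17/GoogleUpdateSetup.exe?cms_redirect=yes&mip=192.168.1.12&mm=28"
    "&mn=sdfadfad&ms=nvh&mt=dsfdf&mv=u&pl=24 &shardbypass=yes; URL Category: ; Domain: ; "
    "User name: xxxxx; X-Ray: N"
)
SWG_SYSTEM_EVENT = (
    "<13>Sep 7 08:03:46 xxxx Sep 7 08:03:46 xxxx : 2020-09-07T08:03:46+0200 xxx.xxx : "
    "Trustwave SWG System Event - Failed to download list of available updates: "
    "'HTTP error code: 56'."
)

# <PRI>syslog-ts relay <repeated ts host> : ISO-ts host : Trustwave SWG <type> - <body>
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<relay>\S+) "
    r".*? : (?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4}) (?P<host>\S+) : "
    r"Trustwave SWG (?P<event_type>Web Event|System Event) - (?P<body>.*)$"
)
# Split the payload only on a ';' that is followed by something shaped like a key name,
# so a ';' or ':' inside Block reason or URL does not break the field.
FIELD_SPLIT_RE = re.compile(r";\s*(?=[A-Za-z][A-Za-z -]*:)")


def parse_swg(line: str) -> dict:
    """Parse one Trustwave SWG syslog line into header values plus the raw payload fields."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a Trustwave SWG line: %r" % line[:60])
    pri = int(m["pri"])
    event = {
        "facility": pri // 8, "severity": pri % 8,
        "timestamp": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z"),
        "host": m["host"], "event_type": m["event_type"], "fields": {}, "message": None,
    }
    if event["event_type"] == "Web Event":
        for chunk in FIELD_SPLIT_RE.split(m["body"]):
            key, sep, value = chunk.partition(":")   # first ':' ends the key
            if sep:
                event["fields"][key.strip()] = value.strip()
    else:
        event["message"] = m["body"].strip()          # System Events carry free text
    return event


# Illustrative normalized names (assumed for this example, not the package's field names).
FIELD_MAP = {
    "Action": "action", "Block reason": "reason", "Client IP": "source_address",
    "File Name": "file", "HTTP Method": "method", "Response Status": "status_code",
    "Security Policy Name": "policy", "Security Policy Rule Name": "rule",
    "True Content Type": "content_type", "Transaction Size": "size", "URL": "url",
    "User name": "user",
}


def normalize(event: dict) -> dict:
    """Rename known keys, drop empty values, coerce size to int and attach labels."""
    out = {"event_type": event["event_type"], "host": event["host"],
           "timestamp": event["timestamp"].isoformat()}
    for raw, norm in FIELD_MAP.items():
        if event["fields"].get(raw):
            out[norm] = event["fields"][raw]
    if str(out.get("size", "")).isdigit():
        out["size"] = int(out["size"])
    labels = ["Trustwave", "SWG"]
    if event["event_type"] == "Web Event":
        labels.append("Web")
        # Assumption: a blocked request attributed to a security policy rule is the
        # "Policy Violation" case; the article does not state the exact criterion.
        if out.get("action", "").lower() == "block" and "rule" in out:
            labels += ["Policy", "Violation"]
    else:
        labels.append("System")
        out["message"] = event["message"]
    out["label"] = labels
    return out


def is_blocked_executable(norm: dict) -> bool:
    """Detection over normalized events: the gateway blocked an executable download."""
    return (norm.get("action", "").lower() == "block"
            and "executable" in norm.get("content_type", "").lower())


if __name__ == "__main__":
    for line in (SWG_WEB_EVENT, SWG_SYSTEM_EVENT):
        n = normalize(parse_swg(line))
        print(n["label"], n.get("action"), n.get("file"), n.get("message"))
```

The split-before-a-key rule is the part worth keeping in mind when writing your own parser for this source: the Block reason field carries HTML fragments and free text, and the URL field carries a full query string, so a naive split on every ";" or ":" produces wrong keys.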
Trustwave v3.2.0
Release Date: May 14, 2020
Supported On: Logpoint v6.7.0 and later
Download: Trustwave_3.2.0.pak
SHA256: 8c2053feaeeaeeeda7235adc9276ac6da02b355783d7d8b697db09a76cab8fe2
Enhancement
A minor update to the Trustwave normalizer for better signature handling.
Support
If you have any questions or require assistance, create a support ticket.