
Trustwave

Trustwave normalizes Trustwave Secure Email Gateway (SEG) and Trustwave Secure Web Gateway (SWG) events and allows you to analyze Trustwave SEG and Trustwave SWG data. 

Release Details
Version: 5.1.0
Release date: May 07, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: 9f2c268595754134d0cb1cf1ff8f69d47ebd0dc4d45d8aa5681b171216e92b5c
Download

Package Details

Trustwave components:

  1. Normalization Packages
    • LP_Trustwave SEG 
    • LP_Trustwave SEG Generic 
    • LP_Trustwave SWG
  2. Compiled Normalizer
    • TrustwaveSWGNormalizer

 

Enhancement

Description: Added a Syslog Collector-based Trustwave log source template, which simplifies the log source configuration process. To learn more, go to Creating Log Source via a Template.

Issue ID: KB-22670

Reference ID: -

Installation

To install Trustwave:

  1. Download the .pak file from the Download link above. 
  2. Go to Settings >> System Settings from the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file.
  5. Click Upload.

Past Releases

Trustwave v5.0.2

Release Date: May 05, 2021

Supported On: Logpoint v6.7.0 and later

Download: Trustwave_5.0.2.pak

SHA256: c845a52874742ac914e5158b1eac0abf6a7780f94a5ae2fd1b23d09c66e1638d

Enhancement

Description: The labels Policy and Violation are added for the Policy Violation events in the TrustwaveSWG logs.

Issue ID: KB-10967

Zendesk Support ID: 46922, 49708

Bug Fix

Description: An issue where the field action of the TrustwaveSWG logs was incorrectly normalized has now been resolved.

Issue ID: KB-10967

Zendesk Support ID: 46922, 49708

Supported Version

  • Trustwave SEG (previously known as MailMarshal SEG or MailMarshal SMTP)

Log Samples

Expected Log Source: Trustwave SEG

Log Sample:

1972 12:55:36.765 RX: <MAIL FROM:< test@abc.com> SIZE=2376>

Expected Log Source: Trustwave SWG

Log Samples:

<13>Dec 17 14:18:49 lp-01-logpoint.nepal Dec 17 14:18:49 lp-01-logpoint : 2018-12-17T14:18:47+0100 lp-01-logpoint.localdomain : Trustwave SWG Web Event - HTML Repair: ; Action: Block; Block reason: xxxx<br> <b>sdfsdfadfaf</b> <br>sdfasdfa dfafafa <b>EXE</b>.<br>Transaction ID xxxxxxxx. ; Cache Hit: ; Client IP: 1.1.1.1; Destination IP: ; NTLM User Name: ; File Name: sdf.exe; HTTP Method: GET ; HTTPS Policy Name: ; HTTPS Policy Rule Name: ; ICAP block reason: ; Identification Policy Name: ; Identification Rule Name: ; Master Policy Name: ; Master Policy Rule Name: ; Security Policy Name: xxxx_rule; Protocol: ICAP/HTTPS; Referer: ; Response Status: 200; Security Policy Rule Name: BlockBlacklistedFiles; Scanning Server IP: xxxxx; Site: xxxxx; Transaction ID: xxxxx; Transaction time: 12/17/2018 14:18:47; Transaction Size: 1130840; True Content Type: Packed Executables; URL: https://xxxxx/edgedl/release2/update2/LRsxN5n35Q8_1.3.33.17/GoogleUpdateSetup.exe?cms_redirect=yes&mip=192.168.1.12&mm=28&mn=sdfadfad&ms=nvh&mt=dsfdf&mv=u&pl=24 &shardbypass=yes; URL Category: ; Domain: ; User name: xxxxx; X-Ray: N

<13>Sep 7 08:03:46 xxxx Sep 7 08:03:46 xxxx : 2020-09-07T08:03:46+0200 xxx.xxx : Trustwave SWG System Event - Failed to download list of available updates: 'HTTP error code: 56'.
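
As an added example (not Logpoint's normalizer code), the Python sketch below parses the Trustwave SWG layout shown in the samples above, which is useful for checking that fields such as Action survive forwarding intact before the logs reach the normalizer. The `Key: value;` layout is inferred from those samples; the function name `parse_swg`, the snake-case field names, and the shortened sample lines with their hosts and addresses are assumptions constructed for this example.

```python
import re

# Layout inferred from the sample lines on this page (an assumption, not a
# vendor specification): "... Trustwave SWG <Web|System> Event - <body>".
EVENT_RE = re.compile(r"Trustwave SWG (Web|System) Event - (.*)$", re.S)
# A field starts with a key of letters, spaces or hyphens, then a colon.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)\s*:\s?(.*)$", re.S)
TAG_RE = re.compile(r"<[^>]+>")

def parse_swg(line):
    """Parse one Trustwave SWG syslog line; return None for other sources."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    kind, body = m.groups()
    if kind == "System":  # free text, not key/value pairs
        return {"event_type": "System", "message": body.strip()}
    fields, last = {"event_type": "Web"}, None
    for chunk in body.split(";"):
        fm = FIELD_RE.match(chunk)
        if fm:
            # Snake-case key names are this example's choice, not Logpoint's.
            last = re.sub(r"[ \-]+", "_", fm.group(1).strip().lower())
            fields[last] = fm.group(2).strip()
        elif last and chunk.strip():
            # No "Key:" prefix, so this ';' was inside the previous value.
            fields[last] += ";" + chunk.strip()
    if "block_reason" in fields:  # value embeds HTML; keep plain text only
        fields["block_reason"] = " ".join(
            TAG_RE.sub(" ", fields["block_reason"]).split())
    return fields

# Constructed sample lines, shortened from the layout shown above.
WEB_SAMPLE = (
    "<13>Dec 17 14:18:49 swg01 : 2018-12-17T14:18:47+0100 swg01.example : "
    "Trustwave SWG Web Event - HTML Repair: ; Action: Block; "
    "Block reason: Blocked<br> <b>file type</b> EXE.<br>; Cache Hit: ; "
    "Client IP: 192.0.2.10; File Name: setup.exe; HTTP Method: GET ; "
    "URL: https://download.example/a/setup.exe?x=1;y=2&mip=192.0.2.10; "
    "URL Category: ; User name: alice; X-Ray: N")
SYSTEM_SAMPLE = (
    "<13>Sep 7 08:03:46 swg01 : 2020-09-07T08:03:46+0200 swg01.example : "
    "Trustwave SWG System Event - Failed to download list of available "
    "updates: 'HTTP error code: 56'.")

if __name__ == "__main__":
    for sample in (WEB_SAMPLE, SYSTEM_SAMPLE):
        print(parse_swg(sample))
```

A continuation chunk that itself looks like `Word: text` would be read as a new field, so treat the result as a triage aid rather than a replacement for the compiled normalizer.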

Trustwave v3.2.0

Release Date: May 14, 2020

Supported On: Logpoint v6.7.0 and later

Download: Trustwave_3.2.0.pak

SHA256: 8c2053feaeeaeeeda7235adc9276ac6da02b355783d7d8b697db09a76cab8fe2

Enhancement

A minor update to the Trustwave normalizer for better signature handling.

Support

If you have any questions or require assistance, create a support ticket.
