
Trustwave

Trustwave normalizes Trustwave Secure Email Gateway (SEG) and Trustwave Secure Web Gateway (SWG) events and allows you to analyze Trustwave SEG and Trustwave SWG data. 

Release Details
Version: 5.1.0
Release date: May 07, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: 9f2c268595754134d0cb1cf1ff8f69d47ebd0dc4d45d8aa5681b171216e92b5c
Download

Package Details

Trustwave components:

  1. Normalization Packages
    • LP_Trustwave SEG 
    • LP_Trustwave SEG Generic 
    • LP_Trustwave SWG
  2. Compiled Normalizer
    • TrustwaveSWGNormalizer

 

Enhancement

Description: Added a Syslog Collector-based Trustwave log source template, which simplifies log source configuration. To learn more, go to Creating Log Source via a Template.
Issue ID: KB-22670
Reference ID: -

Installation

To install Trustwave:

  1. Download the .pak file from the Download link above. 
  2. Go to Settings >> System Settings from the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file.
  5. Click Upload.

Past Releases

Trustwave v5.0.2

Release Date: May 05, 2021

Supported On: Logpoint v6.7.0 and later

Download: Trustwave_5.0.2.pak

SHA256: c845a52874742ac914e5158b1eac0abf6a7780f94a5ae2fd1b23d09c66e1638d

Enhancement

Description: The labels Policy and Violation are added for the Policy Violation events in the TrustwaveSWG logs.
Issue ID: KB-10967
Zendesk Support ID: 46922, 49708

Bug Fix

Description: An issue where the field action of the TrustwaveSWG logs was incorrectly normalized has now been resolved.
Issue ID: KB-10967
Zendesk Support ID: 46922, 49708

Supported Version

  • Trustwave SEG (previously known as MailMarshal SEG or MailMarshal SMTP)

Log Samples

Expected Log Source

Trustwave SEG

Log Sample

1972 12:55:36.765 RX: <MAIL FROM:< test@abc.com> SIZE=2376>

Expected Log Source

Trustwave SWG

Log Samples

<13>Dec 17 14:18:49 lp-01-logpoint.nepal Dec 17 14:18:49 lp-01-logpoint : 2018-12-17T14:18:47+0100 lp-01-logpoint.localdomain : Trustwave SWG Web Event - HTML Repair: ; Action: Block; Block reason: xxxx<br> <b>sdfsdfadfaf</b> <br>sdfasdfa dfafafa <b>EXE</b>.<br>Transaction ID xxxxxxxx. ; Cache Hit: ; Client IP: 1.1.1.1; Destination IP: ; NTLM User Name: ; File Name: sdf.exe; HTTP Method: GET ; HTTPS Policy Name: ; HTTPS Policy Rule Name: ; ICAP block reason: ; Identification Policy Name: ; Identification Rule Name: ; Master Policy Name: ; Master Policy Rule Name: ; Security Policy Name: xxxx_rule; Protocol: ICAP/HTTPS; Referer: ; Response Status: 200; Security Policy Rule Name: BlockBlacklistedFiles; Scanning Server IP: xxxxx; Site: xxxxx; Transaction ID: xxxxx; Transaction time: 12/17/2018 14:18:47; Transaction Size: 1130840; True Content Type: Packed Executables; URL: https://xxxxx/edgedl/release2/update2/LRsxN5n35Q8_1.3.33.17/GoogleUpdateSetup.exe?cms_redirect=yes&mip=192.168.1.12&mm=28&mn=sdfadfad&ms=nvh&mt=dsfdf&mv=u&pl=24 &shardbypass=yes; URL Category: ; Domain: ; User name: xxxxx; X-Ray: N

<13>Sep 7 08:03:46 xxxx Sep 7 08:03:46 xxxx : 2020-09-07T08:03:46+0200 xxx.xxx : Trustwave SWG System Event - Failed to download list of available updates: 'HTTP error code: 56'.
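
The two Trustwave SWG sample formats above can be split into fields as shown in the following added example. It is not Logpoint's normalizer and not part of the original page. The field names (action, client_ip, and so on) are hypothetical, derived by lower-casing the keys in the log, and the sample lines are constructed by shortening the samples above.

```python
import re

# Payload marker that follows the syslog and relay headers in the page's samples.
EVENT_RE = re.compile(r"Trustwave SWG (Web|System) Event - (.*)$", re.S)
TAG_RE = re.compile(r"<[^>]+>")   # HTML markup seen inside "Block reason"
KEY_RE = re.compile(r"[a-z_]+")   # a derived (hypothetical) field name

# Constructed samples, shortened from the log samples on this page.
SAMPLE_WEB = (
    "<13>Dec 17 14:18:49 host : 2018-12-17T14:18:47+0100 host.localdomain : "
    "Trustwave SWG Web Event - HTML Repair: ; Action: Block; "
    "Block reason: xxxx<br> <b>EXE</b>.<br>Transaction ID xxxxxxxx. ; "
    "Client IP: 1.1.1.1; File Name: sdf.exe; "
    "Security Policy Rule Name: BlockBlacklistedFiles; "
    "URL: https://xxxxx/update2/GoogleUpdateSetup.exe?cms_redirect=yes&mm=28; "
    "X-Ray: N"
)
SAMPLE_SYS = (
    "<13>Sep 7 08:03:46 xxxx : 2020-09-07T08:03:46+0200 xxx.xxx : Trustwave SWG "
    "System Event - Failed to download list of available updates: "
    "'HTTP error code: 56'."
)


def _clean(value):
    """Strip HTML tags and collapse whitespace so markup never reaches a field."""
    return " ".join(TAG_RE.sub(" ", value).split())


def parse_swg(line):
    """Parse one Trustwave SWG syslog line into a dict; None if it is not one."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    kind, body = m.group(1).lower(), m.group(2)
    if kind == "system":  # system events carry free text, not key/value pairs
        return {"event_type": kind, "message": body.strip()}
    event, last = {"event_type": kind}, None
    for part in body.split(";"):
        key, sep, value = part.partition(":")
        name = key.strip().lower().replace(" ", "_").replace("-", "_")
        if sep and KEY_RE.fullmatch(name):
            event[name], last = _clean(value), name
        elif last and part.strip():
            # No valid key: a ";" inside the previous value (for example a URL).
            event[last] += ";" + part.strip()
    return event
```

Splitting on the first colon of each segment keeps URL and Transaction time values intact, and a segment without a valid key is treated as the continuation of the previous value rather than dropped.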

Trustwave v3.2.0

Release Date: May 14, 2020

Supported On: Logpoint v6.7.0 and later

Download: Trustwave_3.2.0.pak

SHA256: 8c2053feaeeaeeeda7235adc9276ac6da02b355783d7d8b697db09a76cab8fe2

Enhancement

A minor update to the Trustwave normalizer for better signature handling.

Support

If you have any questions or require assistance, create a support ticket.
