General Description
The Sidewinder Firewall application normalizes Sidewinder Firewall events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.
Release Details
|
Fields |
Details |
|---|---|
|
Name |
Sidewinder Firewall |
|
Version |
5.0.1 |
|
Supported On |
LogPoint v6.7.0 and later |
|
Release Date |
2020-05-14 |
| Document Date | 2020-05-14 |
| Download | SidewinderFirewall_5.0.1.pak |
| SHA256 |
2cac1537728dd64451434c00db039619ab3c38b59814201a01c5c57c723abd66 |
Package Details
The application consists of the following components:
-
Dashboard Package
- LP_Sidewinder Firewall
-
Normalization Package
- LP_Sidewinder Firewall
-
Compiled Normalizer
- SidewinderFirewallCompiledNormalizer
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the Sidewinder Firewall v5.0.1 plugin:
- Download the Sidewinder Firewall package from the Download section above.
- Add Sidewinder Firewall as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the Dashboard.
Screenshots
Supported Device
The supported device of Sidewinder Firewall with LogPoint in this configuration is:
- Sidewinder Firewall
Log Format
Expected Log Format
Key = Value separated by a comma
Log Sample
Oct 24 03:03:55 hostname.com.au auditd: date="Oct 23 17:03:55 2008 GMT",fac=f_mail,area=a_server,type=t_attack,pri=p_major,pid=11945,ruid=0,euid=0,pgid=1787,logid=0,cmd=sendmail,domain=mta1,edomain=mta1,hostname=hostname.com.au,event=access deny,srcip=1.1.1.1,srcburb=outside,attackip=2.2.2.2,attackburb=outside,queueid=m9NH3tOH011945,reason="Sendmail determined that this session is not allowed.",information="550 5.7.1 TrustedSource determined this IP address is untrusted. Reputation value: 0.0.0.10
To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.
Release Details
|
Fields |
Details |
|---|---|
|
Name |
Sidewinder Firewall |
|
Version |
3.3.0 |
|
Supported On |
LogPoint v6.0.0 to v6.6.6 |
|
Release Date |
2020-05-14 |
| Document Date | 2020-05-14 |
| Download | SidewinderFirewall_3.3.0.pak |
| SHA256 |
8c2d5f6d5cd7d95c03090dd89ad94b9b1f4c2f8c85d92c770611f37408f43a31 |
Package Details
The application consists of the following components:
-
Dashboard Package
- LP_Sidewinder Firewall
-
Normalization Package
- LP_Sidewinder Firewall
-
Compiled Normalizer
- SidewinderFirewallCompiledNormalizer
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the Sidewinder Firewall v3.3.0 plugin:
- Download the Sidewinder Firewall package from the Download section above.
- Add Sidewinder Firewall as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the Dashboard.
Screenshots
Supported Device
The supported device of Sidewinder Firewall with LogPoint in this configuration is:
- Sidewinder Firewall
Log Format
Expected Log Format
Key = Value separated by a comma
Log Sample
Oct 24 03:03:55 hostname.com.au auditd: date="Oct 23 17:03:55 2008 GMT",fac=f_mail,area=a_server,type=t_attack,pri=p_major,pid=11945,ruid=0,euid=0,pgid=1787,logid=0,cmd=sendmail,domain=mta1,edomain=mta1,hostname=hostname.com.au,event=access deny,srcip=1.1.1.1,srcburb=outside,attackip=2.2.2.2,attackburb=outside,queueid=m9NH3tOH011945,reason="Sendmail determined that this session is not allowed.",information="550 5.7.1 TrustedSource determined this IP address is untrusted. Reputation value: 0.0.0.10
To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
Comments
Article is closed for comments.