Sidewinder Firewall

Avatar Permanently deleted user
December 10, 2024 04:28

General Description

The Sidewinder Firewall application normalizes Sidewinder Firewall events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

For LogPoint v6.7.0 or later

Release Details

Name: Sidewinder Firewall
Version: 5.0.1
Supported On: LogPoint v6.7.0 and later
Release Date: 2020-05-14
Document Date: 2020-05-14
Download: SidewinderFirewall_5.0.1.pak
SHA256: 2cac1537728dd64451434c00db039619ab3c38b59814201a01c5c57c723abd66


Package Details

The application consists of the following components:

  1. Dashboard Package
    • LP_Sidewinder Firewall 
  2. Normalization Package
    • LP_Sidewinder Firewall 
  3. Compiled Normalizer
    • SidewinderFirewallCompiledNormalizer

Enhancement

The application's normalizer received a minor update for better signature handling.

Installation 

Follow these steps to install the Sidewinder Firewall v5.0.1 plugin:

  1. Download the Sidewinder Firewall package from the Download section above.
  2. Add Sidewinder Firewall as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy.
  4. Assign the policy to the device.
  5. Add the Dashboard.

Supported Device

This configuration supports the following device with LogPoint:

  • Sidewinder Firewall 

Log Format

Expected Log Format

Key=value pairs separated by commas

Log Sample

Oct 24 03:03:55 hostname.com.au auditd: date="Oct 23 17:03:55 2008 GMT",fac=f_mail,area=a_server,type=t_attack,pri=p_major,pid=11945,ruid=0,euid=0,pgid=1787,logid=0,cmd=sendmail,domain=mta1,edomain=mta1,hostname=hostname.com.au,event=access deny,srcip=1.1.1.1,srcburb=outside,attackip=2.2.2.2,attackburb=outside,queueid=m9NH3tOH011945,reason="Sendmail determined that this session is not allowed.",information="550 5.7.1 TrustedSource determined this IP address is untrusted. Reputation value: 0.0.0.10

To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.

For LogPoint v6.0.0 to v6.6.6

Release Details

Name: Sidewinder Firewall
Version: 3.3.0
Supported On: LogPoint v6.0.0 to v6.6.6
Release Date: 2020-05-14
Document Date: 2020-05-14
Download: SidewinderFirewall_3.3.0.pak
SHA256: 8c2d5f6d5cd7d95c03090dd89ad94b9b1f4c2f8c85d92c770611f37408f43a31


Package Details

The application consists of the following components:

  1. Dashboard Package
    • LP_Sidewinder Firewall 
  2. Normalization Package
    • LP_Sidewinder Firewall 
  3. Compiled Normalizer
    • SidewinderFirewallCompiledNormalizer

Enhancement

The application's normalizer received a minor update for better signature handling.

Installation 

Follow these steps to install the Sidewinder Firewall v3.3.0 plugin:

  1. Download the Sidewinder Firewall package from the Download section above.
  2. Add Sidewinder Firewall as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy.
  4. Assign the policy to the device.
  5. Add the Dashboard.

Supported Device

This configuration supports the following device with LogPoint:

  • Sidewinder Firewall 

Log Format

Expected Log Format

Key=value pairs separated by commas

Log Sample

Oct 24 03:03:55 hostname.com.au auditd: date="Oct 23 17:03:55 2008 GMT",fac=f_mail,area=a_server,type=t_attack,pri=p_major,pid=11945,ruid=0,euid=0,pgid=1787,logid=0,cmd=sendmail,domain=mta1,edomain=mta1,hostname=hostname.com.au,event=access deny,srcip=1.1.1.1,srcburb=outside,attackip=2.2.2.2,attackburb=outside,queueid=m9NH3tOH011945,reason="Sendmail determined that this session is not allowed.",information="550 5.7.1 TrustedSource determined this IP address is untrusted. Reputation value: 0.0.0.10

To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
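
The log format described above, parsed in an added Python example (this is not Logpoint's normalizer and not code from this article). It handles quoted values that contain commas and flags the unterminated information= value present in the page's own sample. The function names and the syslog_ts, syslog_host and _truncated keys are assumptions of this example.

```python
import re

# Log sample from this page, verbatim; its final information= value has no
# closing quote, so the parser has to tolerate a truncated quoted value.
SAMPLE = (
    'Oct 24 03:03:55 hostname.com.au auditd: date="Oct 23 17:03:55 2008 GMT",'
    'fac=f_mail,area=a_server,type=t_attack,pri=p_major,pid=11945,ruid=0,euid=0,'
    'pgid=1787,logid=0,cmd=sendmail,domain=mta1,edomain=mta1,'
    'hostname=hostname.com.au,event=access deny,srcip=1.1.1.1,srcburb=outside,'
    'attackip=2.2.2.2,attackburb=outside,queueid=m9NH3tOH011945,'
    'reason="Sendmail determined that this session is not allowed.",'
    'information="550 5.7.1 TrustedSource determined this IP address is '
    'untrusted. Reputation value: 0.0.0.10'
)

# Syslog framing as it appears in the sample: timestamp, host, "auditd:" tag.
HEADER = re.compile(r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) auditd: (?P<body>.*)$')
# key=value, where value is quoted (may contain commas; closing quote optional)
# or bare text up to the next comma.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)("?)|([^,"]*))(?:,|$)')

def parse_sidewinder(line):
    """Return a dict of fields; '_truncated' lists quoted values cut off mid-string."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a syslog-framed auditd record")
    body, pos = m["body"], 0
    fields = {"syslog_ts": m["ts"], "syslog_host": m["host"], "_truncated": []}
    while pos < len(body):
        p = PAIR.match(body, pos)
        if p is None:
            raise ValueError(f"malformed key=value pair at offset {pos}")
        key, quoted, closing, bare = p.groups()
        fields[key] = quoted if quoted is not None else bare
        if quoted is not None and closing == "":
            fields["_truncated"].append(key)
        pos = p.end()
    return fields

def attack_summary(fields):
    """Triage view of a type=t_attack record, or None for any other type."""
    if fields.get("type") != "t_attack":
        return None
    return {k: fields.get(k) for k in ("attackip", "attackburb", "pri", "event", "reason")}

if __name__ == "__main__":
    print(attack_summary(parse_sidewinder(SAMPLE)))
```

A non-empty _truncated list is worth alerting on in its own right, since it usually means the record was cut by a syslog message-size limit before reaching the collector.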


Support

If you have any queries or require assistance, please feel free to contact our support team: 

Email: servicedesk@logpoint.com
Phone: +45 7060 6100
