Radware DefensePro

Release Details

Package Details

The application consists of the following components:

1. Normalization Packages
   
   • LP_Radware DefensePro 
   • LP_Radware DefensePro AppVision 3_4 
2. Complied Normalizer
   
   • RadwareDefenseProCompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the Radware DefensePro v3.3.0 application:

1. Download the Radware DefensePro package from the Download section above.
2. Add Radware DefensePro as the required device in LogPoint.
3. Create a collection policy with the Syslog Collector and appropriate processing policy.  
4. Assign the collection policy to the device.

Supported Device

The supported device of Radware DefensePro with LogPoint in this configuration is:

• Radware DefensePro

Log Format

Expected Log Format

Syslog

Log Samples

DefensePro: 17-11-2016 15:11:16 WARNING 350 Anti-Scanning "TCP Scan (horizontal)" TCP 1.1.1.1,1.1.1.1 0 0.0.0.0 22 0 Regular "Global" ongoing 11 5 N/A 0 N/A medium drop FFFFFFFF-FFFF-FFFF-05C3-000155B90F67#000

DefensePro: 27-08-2015 15:11:16 WARNING 350 Anti-Scanning "TCP Scan (horizontal)" TCP 9.1.4.1 0 0.0.0.0 22 0 Regular "Global" ongoing 11 5 N/A 0 N/A medium drop FFFFFFFF-FFFF-FFFF-05C3-000155B90F67#000 DefensePro: 27-08-2015 15:11:16 WARNING 350 Anti-Scanning "TCP Scan" TCP 8.5.7.2 0 0.0.0.0 0 0 Regular "Global" ongoing 0 0 N/A 0 N/A medium drop FFFFFFFF-FFFF-FFFF-002B-000155B90F67#000 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP 192.168.x.xxx 1607 192.1xx.x.xxx 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.