HP
The HP application for LogPoint SIEM lets you monitor and identify threats in your organization using HP data. LogPoint aggregates and normalizes logs from HP switches, the TippingPoint Threat Protection System, HP printers, and HP storage so that you can analyze the information through dashboards and security reports. The HP dashboards visualize HP switches, port status, user activities and authentication details, severities in your network, and interface configurations, enabling you to monitor the security status of your organization. You can also adjust the dashboards to suit your needs and perform in-depth analysis with customized data and searches.
Package Details
The application consists of the following components:
- Dashboard Packages
  - LP_HP Switch ProCurve
  - LP_HP Switch 5820 Series
  - LP_HP TippingPoint Network Security
- Report Packages
  - LP_HP Switch ProCurve
  - LP_HP Switch 5820 Series
  - LP_HP TippingPoint Network Security
- Normalization Packages
  - LP_HP Switch 5700 and 5900 Series
  - LP_HP Switch 5820 Series
  - LP_HP Switch ProCurve
  - LP_HP TippingPoint Network Security
  - LP_HP Switch Generic
  - LP_HP IPPM Printer
  - LP_HP Nonstop
  - LP_HP SAN SNMP
- Label Package
  - LP_HP Switch ProCurve
- Compiled Normalizer
  - HPNonstopCompiledNormalizer
Enhancement
Description | Support ID | Zendesk Support ID |
---|---|---|
The application now includes the new normalization packages LP_HP SAN and LP_HP IPPM Printer, which normalize the HP SNMP SAN and HP IPPM events, respectively. | KB-12479, KB-10011 | 52837, 43599 |
Installation
Follow these steps to install the HP v5.1.0 application:
- Download the HP package from the Download section above.
- Add HP as a device in LogPoint.
- Create a collection policy with the Syslog collector and an appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Screenshots - Sample Dashboard
Supported Devices
The HP application for LogPoint supports the following devices:
- HP Switch ProCurve
- HP Switch 5820 Series v5.20
- HP TippingPoint Network Security
- HP TippingPointNetworkSecurityManagementSystem for HP TippingPoint Network Security Management System (SMS)
- HP Switch Generic - HP Switch generic
- HP Nonstop
- HP Switch 5700 and 5900 Series - HP Flex Fabric Switch 5700 and 5900
- HP IPPM Printer
- HP SNMP SAN
Log Formats
Expected Log Format
HP Tipping Point Network
Log Sample
<37>Nov 6 10:10:10 HOSTNAME 7;1;xxxx;yyyy;"19558: TCP: RSA_EXPORT Cipher Suite Negotiation";19558;"tcp";192.168.6.183;443;192.168.3.128;7694;1;got-vpn-vlan27 virtual port A;got-vpn-vlan27 virtual port B;10;27;"xxxxx";83831548;1446798478068; ;35912507
Expected Log Format
HP Switch
Log Sample
FFI: port D7-Excessive CRC/alignment errors. See help.
FFI: port B8-Excessive Broadcasts. See help.
FFI: port D14-Excessive undersized/giant packets. See help.
FFI: port C4-Excessive late collisions.
Expected Log Format
HP IPPM Printer
Log Sample
18/11/19 - 04:50:26 xxxxx xxxx - (xxxx) printer state change - Job 17847 completed
18/11/19 - 04:50:26 xxxxx xxx - (xxxx) job 17847 complete
18/11/19 - 04:50:26 xxxxx xxxx - (xxx) job 17847 active
Expected Log Format
HP SAN SNMP
Log Sample
<6>1 2020-11-26T04:32:43.000000+00:00 srvname APPSV 708 - [details@347 ust="116444736000000000" lst="116444736000000000" ip="1.1.1.1" ssn="A12345" eventPriority="Informational" eventType="181"] Management Controller configuration parameters were set.
Change in the Previous Version
Change in HP v5.0.1
Enhancement
A minor update to the application's normalizer improves signature handling.
Package Details
The application consists of the following components:
- Dashboard Packages
  - LP_HP Switch ProCurve
  - LP_HP Switch 5820 Series
  - LP_HP TippingPoint Network Security
- Report Packages
  - LP_HP Switch ProCurve
  - LP_HP Switch 5820 Series
  - LP_HP TippingPoint Network Security
- Normalization Packages
  - LP_HP Switch 5700 and 5900 Series
  - LP_HP Switch 5820 Series
  - LP_HP Switch ProCurve
  - LP_HP TippingPoint Network Security
  - LP_HP Switch Generic
- Label Package
  - LP_HP Switch ProCurve
- Compiled Normalizer
  - HPNonstopCompiledNormalizer
Enhancement
The application’s normalizer has received a minor update for better signature handling.
Installation
Follow these steps to install the HP v3.4.0 application:
- Download the HP package from the Download section above.
- Add HP as the required device in LogPoint.
- Create a collection policy with the Syslog collector and an appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Screenshots
Supported Devices
The HP application for LogPoint supports the following devices in this configuration:
- HP Switch ProCurve
- LP_HP Switch 5820 Series v5.20
- LP_HP TippingPoint Network Security
- LP_HP TippingPointNetworkSecurityManagementSystem for HP TippingPoint Network Security Management System (SMS)
- LP_HP Switch Generic - HP Switch generic
- LP_HP Nonstop
- LP_HP Switch 5700 and 5900 Series - HP Flex Fabric Switch 5700 and 5900
Log Format
Expected Log Format
Semicolon-separated
Log Samples
<37>Nov 6 08:32:09 hawkeye 8;1;xxxxxxx-xxxx-11e0-4ca6-fa9e823b1437;00000001-0001-0001-0001-000000004107;"4107: BitTorrent: ABC (UDP)";4107;"udp";192.21.3.15;50321;10.19.3.4;6881;1;guest-wlan-got virtual port A;guest-wlan-got virtual port B;14;489;"ips242002-dmz";67212801;1446795129022; ;35912554
<37>Nov 6 09:27:58 hawkeye 7;1;xxxxxx-xxx-c012-4d59-9099-c658a4bdeae0;00000001-0001-0001-0001-000000019558;"19558: TCP: RSA_EXPORT Cipher Suite Negotiation";19558;"tcp";10.242.4.69;443;10.14.23.191;7694;1;got-vpn-vlan27 virtual port A;got-vpn-vlan27 virtual port B;10;27;"ips242002-ardh";83831548;1446798478068; ;35912507
<37>Jul 2 09:40:09 hawkeye 8;1;xxxxxxx-xxxx-4134-9af8-59bc8c2371e7;00000001-0001-0001-0001-000000006509;"6509: HTTPS: Dropbox Site Access";6509;"tcp";10.10.16.104;443;10.42.4.31;51572;1;got-vpn-vlan27 virtual port A;got-vpn-vlan27 virtual port B;11;27;"ips242002-ardh";67447036;1435822809038; ;31992116
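The semicolon-separated samples above can be split and validated before normalization. The following Python parser is an added example, not LogPoint's normalizer and not part of the original page. The field names and positions are assumptions inferred from the sample values (the page does not document them), and the expected field count is the one observed in the samples.

```python
import csv
import ipaddress
import re
from datetime import datetime, timezone

# Constructed input: the second log sample shown on this page.
SAMPLE = ('<37>Nov 6 09:27:58 hawkeye 7;1;xxxxxx-xxx-c012-4d59-9099-c658a4bdeae0;'
          '00000001-0001-0001-0001-000000019558;'
          '"19558: TCP: RSA_EXPORT Cipher Suite Negotiation";19558;"tcp";'
          '10.242.4.69;443;10.14.23.191;7694;1;got-vpn-vlan27 virtual port A;'
          'got-vpn-vlan27 virtual port B;10;27;"ips242002-ardh";83831548;'
          '1446798478068; ;35912507')

HEADER = re.compile(r'^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$')
EXPECTED_FIELDS = 21  # assumption: field count observed in the page's samples


def parse_tippingpoint(line):
    """Return named fields from one event; raise ValueError if it is malformed."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("missing syslog header")
    pri, _stamp, host, body = m.groups()
    # csv honours the double quotes, so a ';' inside a quoted name is not a split.
    fields = next(csv.reader([body], delimiter=';', quotechar='"'))
    if len(fields) != EXPECTED_FIELDS:
        raise ValueError(f"expected {EXPECTED_FIELDS} fields, got {len(fields)}")
    src_port, dst_port = int(fields[8]), int(fields[10])
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    # Assumption: field 18 is the event time in epoch milliseconds.
    event_time = datetime.fromtimestamp(int(fields[18]) // 1000, tz=timezone.utc)
    return {
        "facility": int(pri) // 8,   # syslog PRI = facility * 8 + severity
        "severity": int(pri) % 8,
        "host": host,
        "filter_name": fields[4],    # names below are assumed, not documented
        "signature_id": int(fields[5]),
        "protocol": fields[6],
        "src_ip": str(ipaddress.ip_address(fields[7])),  # rejects non-IP text
        "src_port": src_port,
        "dst_ip": str(ipaddress.ip_address(fields[9])),
        "dst_port": dst_port,
        "event_time_utc": event_time.isoformat(),
    }


if __name__ == "__main__":
    print(parse_tippingpoint(SAMPLE))
```

Rejecting lines with an unexpected field count or non-numeric ports keeps truncated or tampered events from being normalized into misleading values.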
Expected Log Format
Syslog
Log Samples
FFI: port D7-Excessive CRC/alignment errors. See help.
FFI: port B8-Excessive Broadcasts. See help.
FFI: port D14-Excessive undersized/giant packets. See help.
FFI: port C4-Excessive late collisions.
<190>May 10 17:29:12 2015 sw-core-montreux %%10SC/6/SC_AAA_SUCCESS(l): -AAAType=AUTHEN-AAAScheme= local-Service=login-UserName=admin@system; AAA is successful.
<190>Mar 1 18:45:34 2018 DC01-WT01 %%10LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on Port Ten-GigabitEthernet1/0/38 (IfIndex 38), Chassis ID is 3d-90958-cab00, Port ID is 121.
To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100