Package Details

The application consist of the following components:

1. Normalization Packages
   • LP_Arbor Ddos
   • LP_Arbor Network APS

General Description

The Arbor Networks application normalizes Arbor Networks events and enables you to analyze Arbor Networks data. You can further customize the searches to perform an in-depth analysis.

Installation 

Follow these steps to install the Arbor Networks v5.0.0 application:

1. Download the Arbor Networks package from the Download section above.
2. Add the required Arbor Networks server as a device in LogPoint.
3. Create a collection policy with the Syslog collector and the appropriate processing policy.  
4. Assign the policy to the device.

Supported Device

The devices supported by the Arbor Networks with LogPoint in this configuration are:

• Arbor Pravail APS
• Arbor Network APS Version 5.9

Log Formats

Arbor Network APS 

Log Sample

Jan 20 13:42:21 xxxxx aps: Protection Level: Changed Protection Level from 1 to 2,URL: xxxxx

Arbor Ddos

Expected Log Format

CSV

Source,Country,Mitigation ID,Attack Category,Lowest Destination IP Seen,Highest Destination IP Seen,First Time Blocked,Last Time Blocked,Total Time Blocked,Lowest Protocol Seen,Highest Protocol Seen,Lowest Destination Port Seen,Highest Destination Port Seen,Total Blocked (Bytes),Rate Blocked (bps),Total Blocked (Packets),Rate Blocked (pps),AIF Reputation Categories,AIF Reputation Threats,Central Configuration ID,DNS Reputation Match

Log Sample

xxx.xxx.xxx.xxx,NP,35:40:45:91,Filter List,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,1471705981,1472655360,890,6,6,3762,65139,528,10,12,0,,,,False

To export data to LogPoint, use the Syslog collector on port 514 of the LogPoint server.