This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
NathanFurze1
Beginner
Beginner
‎2011-08-01 03:45 PM

Stonesoft StoneGate Management Center

The StoneGate Management Center forms the core of the StoneGate Platform, providing unified network security management for StoneGate Firewall, VPN and IPS solutions.

 

Release Date

What’s New In This Release

07/28/2011

Initial support for Stonesoft StoneGate

10/19/2011

Add reporting variables for haddress and enVision ID

05/21/2012

Modified deployment scripts via ESI 1.2.0 for EnVision 4.1 support

05/29/2012

Modified for content 2.0 format

Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:

-For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.

-Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.

-Custom rules, that involve event sources updated to work with Content 2.0, need to be rewritten.

-Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables

Stonesoft_SGPE.zip
0 Likes
Reply
21 Replies
RSAAdmin
Beginner
Beginner
‎2011-08-19 02:52 AM

Hi,


I didn't find the appropriate XML file from the zip file that needs to be used on the StoneGate Log Server. SYSLOG_CONF_FILE: RSAenVision.xml was not found from the package. Should this be in the package or where can I find/fetch it?


-aj

0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to RSAAdmin
‎2011-08-19 12:12 PM

Antti,

 

     I reposted an updated configuration guide that is more clear.  The file is actually the StonesoftSGPE.xml file. 

 

Defining General Syslog Settings
To define general Syslog settings:
1. After the StoneGate ESI Package (StonesoftSGPE.zip) has been deployed on enVision, copy the StonesoftSGPE.xml file to the <installation directory>/data/fields/syslog_templates directory on the StoneGate Log Server.
2. Stop the Log Server......

 

Nathan

0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to NathanFurze1
‎2011-08-24 10:18 AM

correction from my previous post.  Please see the configuration document in the original post for the latest configuration guide.  The RSAenVision.xml will be provided by StoneSoft and is available for download from their support site.

 

To define general Syslog settings:
1. Retrieve the RSAenVision.xml file from Stonesoft website under Support>Technical Documentation>Tools.
2. Transfer the RSAenVision.xml file to the <installation directory>/data/fields/syslog_templates directory on the Log Server computer....

 

Nathan

0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to NathanFurze1
‎2011-08-31 10:11 AM

The RSAenVision.xml file is available here for download from StoneSoft

 

https://my.stonesoft.com/support/document.do?product=StoneGate&docid=6804 

 

Nathan

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2011-09-27 11:14 AM

Hi, This integration has been done quite nicely. However, we found out that MessageIDs seen on the Analysis tool and baseline reports are not seen on the Firewall table. I tried to find out a reason for this going through the XML parser, but I wasn't able to discover this weird behavior. I will continue to investigate this. Obviously we need those MessageIDs on the Firewall table. Otherwise we cannot report on those events efficiently. Another issue is related to firewall device addresses. We can see the log source address, which is the log server. We need to see the actual firewall address also. This can be seen on the raw log messages and it seems that you've tried to put that actual firewall address also to a field called 'haddress' on the parser's header section. This cannot be seen on the Firewall table either. Could you check that we can see the necessary MessageIDs and also actual firewall device addresses on the Firewall table, please? There must be something wrong with the XML parser. -aj
0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to RSAAdmin
‎2011-09-27 03:55 PM

Antti, We're reviewing this and will revert back with an update as soon as possible and can collaborate offline at nfurze@rsa.com in the interim until we have an updated XML. Nathan
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to NathanFurze1
‎2011-10-19 09:41 AM

Any update for this?
0 Likes
Reply
NathanFurze1
Beginner
Beginner
In response to RSAAdmin
‎2011-10-19 10:59 AM

I have posted an updated XML and Configuration guide to the root post based on the feedback provided. Please download that file for the latest. Regards, Nathan
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to NathanFurze1
‎2011-10-19 01:48 PM

Thanks a lot for your fast reply!
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.