RSA SecurID
The RSA SecurID application normalizes RSA SecurID events and enables you to analyze RSA SecurID data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.
The application consists of the following components:
- Dashboard Packages
  - LP_RSA SecurID Admin and System
  - LP_RSA Authentication Failure Events
  - LP_RSA SecurID Runtime
- Alert Packages
  - LP_RSA SecurID Authentication Fail
  - LP_RSA SecurID NextTokenCode Activation
  - LP_RSA SecurID Account Lockout
  - LP_RSA SecurID Passcode Reuse
- Normalization Package
  - LP_RSA SecurID
- Label Package
  - LP_RSA SecurID
Release Details
Enhancement
Installation and Log Format
Installation
- Download the RSA SecurID package from the Download section.
- Add the required RSA Authentication Manager server as a device in Logpoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Supported Version
The supported versions of RSA SecurID with Logpoint in this configuration are:
- RSA SecurID Appliance 130
- RSA SecurID Appliance 250
Log Format
Expected Log Format
RSA Runtime Format
Log Sample
6<14>2015-10-28 10:56:48,701, , audit.abc.com.rsa.ims.authn.impl.AuthenticationBrokerImpl, INFO, d4b742f06908a8cxxxxxxxxxxxx,xxxxxxxxxxxa8c008dce51d948e2f01,1.1.1.1,1.1.1.2,AUTHN_LOGIN_EVENT,13002,SUCCESS,AUTHN_METHOD_SUCCESS,428bfc456908a8c01f84d58b185b9c67-I55ViWb+ys8h,08930b6e6908a8c0032fe23b3e6826da,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,BL,xxxxxxxxxx,xxxxxxxxxxxx,2c4a02996908a8c00293377dc18e4ba6,000000000000000000001000e0011000,2.2.2.2,BE-JPR-SA-1-OSS,7,000000000000000000002000f1022001,OnDemand,,,AUTHN_LOGIN_EVENT,5,1,,,,,069c21666908a8c01f4bc9f56a32f1e2,+32 498511036,,
Expected Log Format
RSA Admin
Log Sample
<14>2015-10-28 09:26:11,275, , audit.abc.com.rsa.ims.admin.impl.PrincipalAdministrationImpl, INFO, d4e793186908a8c01f74a2xxxxxxxxx,xxxxxxx6908a8c008dce51d948e2f01,1.2.2.2,1.3.3.3,UPDATE_PRINCIPAL,10055,SUCCESS,,3ebdba626908a8c01f2411219645f6e4-5MjikYi9ovWi,,a69439dc6908a8c0041703aeb0ce744b,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,JNJ,Jaxxxxxxxx,Jaxxxxxxx,PRINCIPAL,02accb106908a8c01f7b0d53c9934088,2b86e2046908a8c004090b8bfc567cb8,000000000000000000001000e0011000,EBERG,,,,,,
Expected Log Format
RSA System
Log Sample
<12>2015-10-02 00:00:05,855, , system.com.rsa.ims.criticalnotification.impl.CriticalNotificationAdministrationImpl, WARN, b58e80050886500a1b1e0xxxxxxxx,xxxxxxxxxx00a0801e36fa92fae56,,1.1.1.1,CRITICAL_NOTIFICATION,16350,WARN,,,,,,,,,"Your deployment is at risk. A backup has not been created successfully in the last 7 days. Log on to the Operations Console, and select "Backup and Restore > Back Up Now" or "Backup and Restore > Schedule Backups".
To export data to Logpoint, use the Syslog collector on port 514 on the Logpoint server.
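The three log samples above share one header layout, and its timestamp contains a comma before the milliseconds, so a plain comma split misaligns every field that follows. The parser below is an added example, not Logpoint's normalizer or code from this page; the field names, the shortened sample lines and the `FAIL` result value are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Header layout seen in the samples: optional syslog <PRI>, timestamp with a
# comma before the milliseconds, an empty field, logger class, level, payload.
# Leading \d* tolerates the digit that precedes <14> in the runtime sample.
HEADER = re.compile(
    r"^\d*(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}),\s*,\s*"
    r"(?P<logger>[\w.]+),\s*(?P<level>[A-Z]+),\s*(?P<payload>.*)$",
    re.DOTALL)

# Assumed names for the first seven payload positions (not from the page).
FIELDS = ("session_id", "instance_id", "client_ip", "server_ip",
          "action", "action_id", "result")

def parse_rsa_line(line):
    """Return a dict for one RSA SecurID syslog line, or None if malformed."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    # Split off only the fixed leading fields; the tail can hold quoted free
    # text with embedded commas and quotes, so it is kept verbatim in "rest".
    parts = m["payload"].split(",", len(FIELDS))
    if len(parts) < len(FIELDS):
        return None
    event = dict(zip(FIELDS, (p.strip() for p in parts)))
    pri = int(m["pri"]) if m["pri"] else None
    event.update(
        facility=None if pri is None else pri >> 3,
        severity=None if pri is None else pri & 7,
        timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
        logger=m["logger"], level=m["level"], rest=",".join(parts[len(FIELDS):]))
    return event

def failed_logins(lines):
    """Parsed AUTHN_LOGIN_EVENT records whose result is not SUCCESS."""
    events = (parse_rsa_line(l) for l in lines)
    return [e for e in events
            if e and e["action"] == "AUTHN_LOGIN_EVENT" and e["result"] != "SUCCESS"]

# Constructed sample lines, shortened from the layouts shown above; the IDs
# and the FAIL result with action ID 0 are placeholders, not real values.
SAMPLES = [
    "<14>2015-10-28 10:56:48,701, , audit.abc.com.rsa.ims.authn.impl.AuthenticationBrokerImpl, INFO, sess01,inst01,1.1.1.1,1.1.1.2,AUTHN_LOGIN_EVENT,13002,SUCCESS,AUTHN_METHOD_SUCCESS,,",
    "<14>2015-10-28 10:57:02,115, , audit.abc.com.rsa.ims.authn.impl.AuthenticationBrokerImpl, INFO, sess02,inst01,1.1.1.9,1.1.1.2,AUTHN_LOGIN_EVENT,0,FAIL,,,",
    '<12>2015-10-02 00:00:05,855, , system.com.rsa.ims.criticalnotification.impl.CriticalNotificationAdministrationImpl, WARN, sess03,inst02,,1.1.1.1,CRITICAL_NOTIFICATION,16350,WARN,,,"No backup, see "Backup and Restore > Back Up Now".',
]
```

Running `failed_logins(SAMPLES)` returns only the second constructed line, which is the kind of event the LP_RSA SecurID Authentication Fail alert is concerned with.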
Past Release
RSA SecurID v5.0.0
Enhancement
A minor update has been made in the application’s normalizer for better signature handling.
Support
If you have any questions or require assistance, create a support ticket.