Tag Archives: vendor

My latest Gartner research: Vendor Rating: Huawei

5 December 2017  |  Huawei’s transition from being an ICT technology provider to providing both ICT infrastructure and cloud services in China has had impacts domestically and abroad. This research enables infrastructure and operations leaders to assess Huawei’s technology and supplier management risks and benefits….

Gartner clients can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

Configuring Logstash and Kibana to receive and Dashboard Sonicwall Logs

Note: If you want to quickly download my Logstash config and Kibana dashboards, see the end of this post.

Locate and Update your Logstash.conf File
First, you must update your logstash configuration file, generally located in /etc/logstash or /etc/logstash/conf.d/ and named logstash.conf

Add a logstash input
In logstash.conf, you must first add an input which will allow logstash to receive the syslog from your Sonicwall appliance along with a designated “listening” port. For my configuration, I set this to port 5515. In my logstash instance, I am using Suricata SELKs, so you can also see a file input for that prior to my Sonicwall input. See below (the text highlighted in RED was the text I added to the config file).

input {
file {
path => [“/var/log/suricata/eve.json”]
#sincedb_path => [“/var/lib/logstash/”]
sincedb_path => [“/var/cache/logstash/sincedbs/since.db”]
codec => json
type => “SELKS”
}
syslog {
type => Sonicwall
port => 5515
}

Insert a logstash Filter
The next step is to insert a new filter for parsing your sonicwall logs, this is so that Logstash knows how to automatically create fields so that you can filter on specific fields in Syslog. Below is the text that I added to the configuration file.  Important: You must make sure that if you have pre-existing filters, your start and end curly braces appropriately open and close and in the filter section the text below incorporated into the filter bracketed text.

if [type] == “Sonicwall” {
kv {
exclude_keys => [ “c”, “id”, “m”, “n”, “pri” ]
}
grok {
match => [ “src”, “%{IP:srcip}:%{DATA:srcinfo}” ]
}
grok {
match => [ “dst”, “%{IP:dstip}:%{DATA:dstinfo}” ]
}
grok {
remove_field => [ “srcinfo”, “dstinfo” ]
}
geoip {
add_tag => [ “geoip” ]
source => “srcip”
database => “/opt/logstash/vendor/geoip/GeoLiteCity.dat”
}

Configure the Parsed Output Location
Finally, you need to configure the output for the config file. The output is to send into the logstash instance. Below is the configuration for this. In this case, my logstash instance is sending to localhost because it is running on the same box.

}

output {
elasticsearch {
host => “127.0.0.1”
protocol => transport
}
}

Configure the Sonicwall
Next you will need to configure your Sonicwall to send syslog messages to the logstash server. Login to your sonicwall, go to “Log->Syslog and then add a server x.x.x.x with port 5515.

Next you’ll need to turn on Sonicwall Name Resolution for Logs
Go to Log->Name Resolution and make sure to setup a DNS server to resolve names. Otherwise, the src and dst fields in the Kibana dashboards will not have names and show double IP address entries.

Finally, you’ll need to configure dashboards in Kibana. To make all of this easier, I’ve included all my files below that can be easily downloaded.

Logstash Configuration *Use Right-Click and Save As*

Kibana Dashboards
(To Import go into Kibana and select “Load” then go to “Advanced and click on “Load File”)

  • Sonic-Alerts (Filters the Top Alert Messages from the Sonicwall Syslog
  • Sonic Top (Filters the Top Source and Destination hosts and events associated with your sonicwall.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner Research: SWOT: Check Point Software Technologies, Network Security, Worldwide

Check Point remains a leading security vendor, with a strong and broad portfolio that has improved with the pace of innovation. However, its product leaders need better marketing and refined renewal pricing strategies to sustain its growth and leadership in the firewall market….

Gartner subscribers can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner Research: Cool Vendors in Security for Technology and Service Providers, 2016

The boundaries of information security are fast expanding. These Cool Vendors are pioneering new directions and potential opportunities in the security market. TSP product managers and CMOs looking to partner with these vendors should examine their innovative security technologies.

Gartner customers can read this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Healthcare Vendor Risk Management Programs Lagging, Says Study

http://healthitsecurity.com/news/healthcare-vendor-risk-management-programs-lagging-says-study By Elizabeth Snell healthitsecurity.com July 8, 2015 Healthcare vendor risk management programs can have a huge impact on a healthcare organization’s ability to keep sensitive data – such as patient PHI – secure. However, if a recent study is any indication, healthcare vendor risk management programs have room for improvement. The 2015 Vendor Risk Management Benchmark Study, conducted by The Shared Assessments Program and Protiviti, found that vendor risk management programs within financial services organizations are more mature than companies in other industries, such as insurance and healthcare. “Even the more optimistic assessments of the current state of vendor risk management indicate that significant improvements may be needed,” the report’s authors explained. “The time for progress and improvements in vendor risk management capabilities is now, particularly when considering that cyberattacks and other security incidents are very likely to continue increasing.” The survey interviewed more than 460 executives and managers in various industries. Respondents were asked to rate their organization’s maturity level in different areas of vendor risk management on a 0 to 5 scale, with 0 equal to “Do not perform” and 5 equal to “Continuous improvement – benchmarking, moving to best practices.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Wearables Maker Jawbone Sues Fitbit Over Alleged Data Theft

http://www.eweek.com/mobile/wearables-maker-jawbone-sues-fitbit-over-alleged-data-theft.html By Todd R. Weiss eWEEK.com 2015-05-28 Wearables vendor Jawbone is suing rival Fitbit based on allegations that Fitbit hired away some Jawbone employees who then took confidential corporate information with them to their new jobs. The lawsuit, which was filed in California State Court in San Francisco, charges that Fitbit employees were “systematically plundering” confidential information by hiring the former Jawbone workers, who “improperly downloaded sensitive materials shortly before leaving,” according to a May 27 report by The New York Times. “This case arises out of the clandestine efforts of Fitbit to steal talent, trade secrets and intellectual property from its chief competitor,” Jawbone lawyers wrote in the complaint, according to the story. The lawsuit comes at an interesting time for Fitbit, which earlier in May filed for an initial public offering. The company has been in the business of creating and selling a full line of health tracking and fitness bands since 2007. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail