IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Sophos XG / Cyberoam DSM

    Posted Tue September 03, 2019 08:00 AM
    Hi,

    Is there anyone here got some basic DSM for Sophos XG (birth name Cyberoam) NG-FW? It would be great if I can save some time by not creating from scratch :)

    Sophos XG. Next Generation Synchronized Firewall Security.
    Sophos remove preview
    Sophos XG. Next Generation Synchronized Firewall Security.
    The world's best visibility and response. Expose hidden risks, stop unknown threats and isolate infected systems with Sophos XG Next Gen Firewall.
    View this on Sophos >


    Thanks



    ------------------------------
    Laszlo Pal
    ------------------------------


  • 2.  RE: Sophos XG / Cyberoam DSM

    Posted Fri September 27, 2019 02:50 AM
      |   view attached
    Hello.
    I parsed it yesterday.I can give you regex codes and custom fields,than you just map event name to event category,if you don't i can help you to do that.please see excel file.

    ------------------------------
    Davit Ubilava
    ------------------------------

    Attachment(s)

    xlsx
    Sophos Firewall Regex.xlsx   16 KB 1 version
    Original Message


  • 3.  RE: Sophos XG / Cyberoam DSM

    Posted Mon June 08, 2020 04:11 AM
    Edited by Cyber Bob Mon June 08, 2020 04:49 PM
    Hello, Davit.  Thank you for the XML file!  For anyone looking for a how-to video for Event Mapping in QRadar once you have the regex values in an XML, watch the following: https://www.youtube.com/watch?v=gN7JMpbuAy0

    As for the Event Mappings values I used, they were as follows:
    1.  Firewall Allow:
      1. Event Category = Allowed
      2. Event ID = Allow
      3. QID/Name = Firewall Permit - Event CRE
    2.  Firewall Deny:
      1. Event Category = Denied
      2. Event ID = Deny
      3. QID/Name = Firewall Deny - Event CRE


  • 4.  RE: Sophos XG / Cyberoam DSM

    Posted Fri October 11, 2019 10:13 AM
      |   view attached
    Please see my Extension

    ------------------------------
    Davit Ubilava
    System Administrator
    Delta Consulting LLC
    TbilisiGeorgia
    ------------------------------

    Attachment(s)

    xml
    SophosXGFirewall.xml   2 KB 1 version
    Original Message


  • 5.  RE: Sophos XG / Cyberoam DSM

    Posted Fri October 11, 2019 12:25 PM

    Thanks a lot. Did you apply this as an extension? I've tried this but I have only SophosXG custom messages. You?

     

    Thanks

    Laszlo

     

     




    Original Message