Tenable Log Correlation Engine customers who have Stonegate firewalls within their environment can now make use of a new normalization library. The new PRM parses logs obtained from the Stonesoft product. The new PRM is available here.
If you have Stonegate firewalls within your network, download this new library and place it in the /usr/thunder/daemons/plugins directory and then restart the thunderd process. Also, if you are using the Never Before Seen TASL script, you should also update your PRM_mappings.prm file, which contains the event IDs for the new Stonegate logs.
The current list of supported network and host based firewall logs includes:
- Cisco ASA
- Cisco PIX
- CyberGuard (Secure Computing)
- OpenBSD's pf
- SideWinder (Secure Computing)
- Windows XP