
Support for StoneGate Firewall Logs

Tenable Log Correlation Engine customers who have Stonegate firewalls in their environment can now use a new normalization library. The new PRM parses logs produced by the Stonesoft product and is available here.

If you have Stonegate firewalls within your network, download the new library, place it in the /usr/thunder/daemons/plugins directory, and restart the thunderd process. If you are using the Never Before Seen TASL script, also update your PRM_mappings.prm file, which contains the event IDs for the new Stonegate logs.

The current list of supported network- and host-based firewall logs includes:

  • Checkpoint
  • Cisco ASA
  • Cisco PIX
  • CyberGuard (Secure Computing)
  • Gauntlet
  • Juniper
  • Astaro
  • Arkoon
  • Fortinet
  • ipchains
  • Iptables
  • Ipfilter
  • Kerio
  • NetGear
  • OpenBSD's pf
  • SideWinder (Secure Computing)
  • SonicWall
  • Stonegate
  • PortSentry
  • Sygate
  • Symantec
  • Windows XP
  • ZoneAlarm