Aruba Clearpass
Version: Aruba Clearpass version 6.7 and above.
The Aruba Clearpass is a policy management platform. It allows an organization to effortlessly onboard new devices, grant varying access levels, and keep their networks secure across any multi vendor wired, wireless and VPN infrastructure.
Netsurion Open XDR integrates with Aruba Clearpass, collects log from Aruba Clearpass and creates a detailed reports, alerts, dashboards and saved searches. These attributes of Netsurion Open XDR helps users to view the most critical and important information on a single platform.
Reports provide detailed overview of activities like, Devices registered with Clearpass, RADIUS and TACACS authentication requests (success and failed), Policy manager system level activities, and many more.
Alerts notify as critical events are triggered by Aruba Clearpass. With alerts, users are notified about real time occurrences of events such as, failed RADIUS/TACACS authentications.
Dashboards depict system activities like ADD and REMOVE, RADIUS/TACACS successful logins and failed logins with geolocation support to highlight region/ area over a map. These services will include information such as suspicious source IP address, Source MAC address, NAS address, event category, device onboarded, policy added, etc.
After the Aruba Clearpass is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Aruba Clearpass – Failed login has been detected for RADIUS session | This alert is triggered when clearpass receives an authentication failure for a RADIUS account. |
| Security | Aruba Clearpass – Login failed detected for clearpass system | This alert is triggered when clearpass receives an authentication failure for systems registered. |
| Security | Aruba Clearpass – Failed login has been detected for Web authentication | This alert is triggered when a web authentication fails in clearpass web console. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Aruba Clearpass – RADIUS authentication failed | This report generates a detailed summary of failed authentications that occurred in RADIUS server account. This includes, source MAC address, Authentication types, timestamp, username, etc. |
| Security | Aruba Clearpass – System Activities (User login failed) | This report generates a detailed summary of failed activity on clearpass policy manager. This includes information such as Source IP address, username, component, etc. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x or later, and Aruba Clearpass version 6.7 and above.
Download Integration Guide and How-to Guide for configuration instructions and more information.