Aruba Clearpass

Version: Aruba Clearpass version 6.7 and above.

The Aruba Clearpass is a policy management platform. It allows an organization to effortlessly onboard new devices, grant varying access levels, and keep their networks secure across any multivendor wired, wireless and VPN infrastructure.

Netsurion's Open XDR platform integrates with Aruba Clearpass, collects log from Aruba Clearpass and creates a detailed reports, alerts, dashboards and saved searches. These attributes of Netsurion's Open XDR platform helps users to view the most critical and important information on a single platform.

Reports provide detailed overview of activities like, Devices registered with Clearpass, RADIUS and TACACS authentications requests (success and failed), Policy manager system level activities, and many more.

Alerts notify as critical events are triggered by Aruba Clearpass. With alerts, users are notified about real time occurrences of events such as, failed RADIUS/TACACS authentications.

Dashboards depict system activities like ADD and REMOVE, RADIUS/TACACS successful logins and failed logins with geo-location support to highlight region/ area over a map. These services will include information such as suspicious source IP address, Source MAC address, NAS address, event category, device onboarded, policy added, etc.

After the Aruba Clearpass is configured to deliver events to the Netsurion's Open XDR platform, the dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Aruba Clearpass - Failed login has been detected for RADIUS session This alert is triggered when clearpass receives an authentication failure for a RADIUS account.
Security Aruba Clearpass - Login failed detected for clearpass system This alert is triggered when clearpass receives an authentication failure for systems registered.
Security Aruba Clearpass - Failed login has been detected for Web authentication This alert is triggered when a web authentication fails in clearpass web console.

Reports

Type Name Description
Security Aruba Clearpass - RADIUS authentication failed This report generates a detailed summary of failed authentications that occurred in RADIUS server account. This includes, source MAC address, Authentication types, timestamp, username, etc.
Security Aruba Clearpass - System Activities (User login failed) This report generates a detailed summary of failed activity on clearpass policy manager. This includes information such as Source IP address, username, component, etc.

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 9.x or later, and Aruba Clearpass version 6.7 and above.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept