Aruba Clearpass

Version: Aruba Clearpass version 6.7 and above.

The Aruba Clearpass is a policy management platform. It allows an organization to effortlessly onboard new devices, grant varying access levels, and keep their networks secure across any multi vendor wired, wireless and VPN infrastructure.

Netsurion Open XDR integrates with Aruba Clearpass, collects log from Aruba Clearpass and creates a detailed reports, alerts, dashboards and saved searches. These attributes of Netsurion Open XDR helps users to view the most critical and important information on a single platform.

Reports provide detailed overview of activities like, Devices registered with Clearpass, RADIUS and TACACS authentication requests (success and failed), Policy manager system level activities, and many more.

Alerts notify as critical events are triggered by Aruba Clearpass. With alerts, users are notified about real time occurrences of events such as, failed RADIUS/TACACS authentications.

Dashboards depict system activities like ADD and REMOVE, RADIUS/TACACS successful logins and failed logins with geolocation support to highlight region/ area over a map. These services will include information such as suspicious source IP address, Source MAC address, NAS address, event category, device onboarded, policy added, etc.

After the Aruba Clearpass is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Aruba Clearpass – Failed login has been detected for RADIUS session This alert is triggered when clearpass receives an authentication failure for a RADIUS account.
Security Aruba Clearpass – Login failed detected for clearpass system This alert is triggered when clearpass receives an authentication failure for systems registered.
Security Aruba Clearpass – Failed login has been detected for Web authentication This alert is triggered when a web authentication fails in clearpass web console.

Reports

Type Name Description
Security Aruba Clearpass – RADIUS authentication failed This report generates a detailed summary of failed authentications that occurred in RADIUS server account. This includes, source MAC address, Authentication types, timestamp, username, etc.
Security Aruba Clearpass – System Activities (User login failed) This report generates a detailed summary of failed activity on clearpass policy manager. This includes information such as Source IP address, username, component, etc.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x or later, and Aruba Clearpass version 6.7 and above.

Download Integration Guide and How-to Guide for configuration instructions and more information.