Version: ArubaOS 6.5 version.
The Aruba OS operating system for Aruba Mobility Controllers, Mobility Access Switches and access points (APs) perform security and system administration, as well as hardware-based routing, switching, firewall and data encryption capabilities.
Netsurion Open XDR supports Aruba Mobility Controllers (Aruba OS), the syslog messages can be forwarded to Netsurion Open XDR and based on events alerts and reports can be configured into Netsurion.
Netsurion data source integration for Aruba OS allows you to monitor the following components:-
- Security – ArubaOS – Connection failure, ArubaOS – Attack detected and ArubaOS – Firewall messages.
- Compliance – ArubaOS – User login success, ArubaOS – User Authentication Failure, ArubaOS – User login failure.
- Operation – ArubaOS – DHCP activities, ArubaOS – Connection details, ArubaOS – User authentication details.
Once Aruba OS is configured to deliver events to Netsurion Open XDR Manager; Knowledge objects and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
|Security||ArubaOS- Attack detected||This alert will get triggered whenever association flood DoS attack is detected, ARP-spoofing is detected.|
|Operations||ArubaOS – License expired||This alert will get triggered whenever ArubaOS license is expired.|
|Compliance||ArubaOS – User authentication failure||This alert will get triggered whenever user authentication fails.|
|Security||ArubaOS – Connection failure||This report provides information related to the connection failure with the profile manager.|
|Security||ArubaOS – Attack detected||This report provides information related to the association flood DoS attack detected, detected ARP-spoofing, system detected MAC spoofing and frame dropped.|
|Security||ArubaOS – Firewall messages||This report provides information related to the A firewall rule with log option as hit, as source IP address, source port, destination IP address, destination port details.|
|Operations||ArubaOS – DHCP activities||This report provides information related to the DHCP client disabled on the specified VLAN, request, release and decline.|
|Operations||ArubaOS – Connection details||This report provides information related to the Assoc connection success, Dis Assoc flood DoS attack detected and Assoc failure.|
|Operations||ArubaOS – User authentication details||This report provides information related to the user de-authenticated, log indicating that a user has been authenticated.|
|Compliance||ArubaOS – User login success||This report provides information related to the Management user authentication completed successfully.|
|Compliance||ArubaOS – User Authentication Failure||This report provides information related to the user authentication failure and authentication server out of service while serving request.|
|Compliance||ArubaOS – User login failure||This report provides information related to the client authentication failure and User de-authenticated.|
The configuration details in this guide are consistent with Netsurion Open XDR 9.x and later, and Aruba OS.
Download Integration Guide for configuration instructions and more information.