ArubaOS

Version: ArubaOS 6.5 version.

Overview

The Aruba OS operating system for Aruba Mobility Controllers, Mobility Access Switches and access points (APs) perform security and system administration, as well as hardware-based routing, switching, firewall and data encryption capabilities.

Netsurion Open XDR supports Aruba Mobility Controllers (Aruba OS), the syslog messages can be forwarded to Netsurion Open XDR and based on events alerts and reports can be configured into Netsurion.

Netsurion data source integration for Aruba OS allows you to monitor the following components:-

  • Security – ArubaOS – Connection failure, ArubaOS – Attack detected and ArubaOS – Firewall messages.
  • Compliance – ArubaOS – User login success, ArubaOS – User Authentication Failure, ArubaOS – User login failure.
  • Operation – ArubaOS – DHCP activities, ArubaOS – Connection details, ArubaOS – User authentication details.

Once Aruba OS is configured to deliver events to Netsurion Open XDR Manager; Knowledge objects and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security ArubaOS- Attack detected This alert will get triggered whenever association flood DoS attack is detected, ARP-spoofing is detected.
Operations ArubaOS – License expired This alert will get triggered whenever ArubaOS license is expired.
Compliance ArubaOS – User authentication failure This alert will get triggered whenever user authentication fails.

Reports

Type Name Description
Security ArubaOS – Connection failure This report provides information related to the connection failure with the profile manager.
Security ArubaOS – Attack detected This report provides information related to the association flood DoS attack detected, detected ARP-spoofing, system detected MAC spoofing and frame dropped.
Security ArubaOS – Firewall messages This report provides information related to the A firewall rule with log option as hit, as source IP address, source port, destination IP address, destination port details.
Operations ArubaOS – DHCP activities This report provides information related to the DHCP client disabled on the specified VLAN, request, release and decline.
Operations ArubaOS – Connection details This report provides information related to the Assoc connection success, Dis Assoc flood DoS attack detected and Assoc failure.
Operations ArubaOS – User authentication details This report provides information related to the user de-authenticated, log indicating that a user has been authenticated.
Compliance ArubaOS – User login success This report provides information related to the Management user authentication completed successfully.
Compliance ArubaOS – User Authentication Failure This report provides information related to the user authentication failure and authentication server out of service while serving request.
Compliance ArubaOS – User login failure This report provides information related to the client authentication failure and User de-authenticated.

Documentation

The configuration details in this guide are consistent with Netsurion Open XDR 9.x and later, and Aruba OS.

Download Integration Guide for configuration instructions and more information.