Citrix Netscaler
Version: Citrix NetScaler 10 and 11.
Citrix NetScaler makes applications run five times better, reduces web application ownership costs, optimizes the user experience, and makes sure that applications are always available.
Netsurion Open XDR offers a high-level view, but allows you to drill down to the most granular level and provide you with the information you need whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices. Citrix NetScaler can be configured to send syslogs to Netsurion Open XDR.
Netsurion Data Source Integrations for Citrix NetScaler allows you to monitor the following components:-
- Operations – TCP session details, SSLVPN ICA application started or terminated, SSLVPN session details, HTTP or Non-HTTP resource access denied.
- Security – AAA session login or logout, AAA session login failed, ACL rule hit details, Console logon success.
- Compliance – Command execution details, AppFW security violation details, SSLVPN session login or logout, Console logon failure.
- Attacks – AppFW security violation details.
Once Citrix NetScaler is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Citrix NetScaler – Network interface hung | This alert is generated when network interface is in ‘hung’ state. |
| Security | Citrix NetScaler – Network interface reset | This alert is generated when network interface is reset. |
| Security | Citrix NetScaler – Network interface stopped | This alert is generated when network interface is stopped. |
| Security | Citrix NetScaler – Non HTTP resource access denied | This alert is generated when non HTTP resource access is denied. |
| Security | Citrix NetScaler – Pitboss process restarted | This alert is generated when pitboss process restarted. |
| Security | Citrix NetScaler – Pitboss system restarted | This alert is generated when pitboss system restarted. |
| Security | Citrix NetScaler – SNMP module started an alarm | This alert is generated when SNMP module started an alarm. |
| Security | Citrix NetScaler – SNMP module stopped an alarm | This alert is generated when SNMP module stopped an alarm. |
| Security | Citrix NetScaler – SSL certificate will expire soon | This alert is generated when SSL certificate will expire soon. |
| Operations | Citrix NetScaler – Device down | This alert is generated when NetScaler device is down. |
| Operations | Citrix NetScaler – Device out of service | This alert is generated when NetScaler device is out of service. |
| Operations | Citrix NetScaler – HA propagation failed | This alert is generated when HA propagation failed. |
| Operations | Citrix NetScaler – HTTP resource access denied | This alert is generated when HTTP resource access is denied. |
| Operations | Citrix NetScaler – Interface bound or unbound from a channel | This alert is generated when Interface bound or unbound from a channel. |
| Operations | Citrix NetScaler – Login failed | This alert is generated when a module failed to login the user. |
| Operations | Citrix NetScaler – NetScaler system stopped | This alert is generated when NetScaler system has stopped. |
| Compliance | Citrix NetScaler – SSLVPN license limit reached | This alert is generated when SSLVPN license limit reached. |
| Compliance | Citrix NetScaler – Start URL violation | This alert is generated when URL violation has occurred. |
| Compliance | Citrix NetScaler – AAA session login failed | This alert is generated when AAA session login has been failed in the Citrix NetScaler. |
| Compliance | Citrix NetScaler – AppFW DOS attack detected | This alert is generated when AppFW DOS attack has occurred in the Citrix NetScaler. |
| Compliance | Citrix NetScaler – AppFW security violation detected | This alert is generated when AppFW security violation has been detected in the Citrix NetScaler. |
| Compliance | Citrix NetScaler – Console logon failure | This alert is generated when Console logon failure has occured in the Citrix NetScaler. |
| Attacks | Citrix NetScaler – AppFW DOS attack detected | This alert is generated when AppFW DOS attack has occurred in the Citrix NetScaler. |
| Attacks | Citrix NetScaler – AppFW security violation detected | This alert is generated when AppFW security violation has been detected in the Citrix NetScaler. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Citrix NetScaler – AAA session login or logout | This report provides the information related to session login or logout using AAA in Citrix NetScaler. |
| Security | Citrix NetScaler – ACL rule hit details | This report provides the information related to rule hit details of ACL in Citrix NetScaler. |
| Security | Citrix NetScaler – Console logon success | This report provides the information related to logon success for console in Citrix NetScaler. |
| Operations | Citrix NetScaler – TCP session details | This report provides the information related to TCP session details like source address, destination address, byte sent and received etc in Citrix NetScaler. |
| Operations | Citrix NetScaler – SSLVPN ICA application started or terminated | This report provides the information related to SSL VPN ICA whether the application has started or termination in Citrix NetScaler. |
| Operations | Citrix NetScaler – SSLVPN session details | This report provides the information related to SSLVPN session details like user name, source address, and destination address byte sent and received etc in Citrix NetScaler. |
| Operations | Citrix NetScaler – HTTP or Non – HTTP resource access denied | This report provides the information related to HTTP or non – HTTP resource access has been denied. |
| Compliance | Citrix NetScaler – Command execution details | This report provides the information related to execution of commands along with their details like user name, user address command executed and their status in Citrix NetScaler. |
| Compliance | Citrix NetScaler – AppFW security violation details | This report provides the information related to security violation details for AppFW in Citrix NetScaler. |
| Compliance | Citrix NetScaler – SSLVPN session login or logout | This report provides the information related to session login or logout of SSLVPN in Citrix NetScaler. |
| Compliance | Citrix NetScaler – Console logon failure | This report provides the information related to logon failure of console in Citrix NetScaler. |
| Compliance | Citrix NetScaler – AAA session login failed | This report provides the information related to login failed using AAA in Citrix NetScaler. |
| Attacks | Citrix NetScaler – AppFW security violation details | This report provides the information related to security violation details for AppFW in Citrix NetScaler. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and Citrix NetScaler.
Download Integration Guide for configuration instructions and more information.