Citrix Netscaler

Version: Citrix NetScaler 10 and 11.

Citrix NetScaler makes applications run five times better, reduces web application ownership costs, optimizes the user experience, and makes sure that applications are always available.

Netsurion Open XDR offers a high-level view, but allows you to drill down to the most granular level and provide you with the information you need whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices. Citrix NetScaler can be configured to send syslogs to Netsurion Open XDR.

Netsurion Data Source Integrations for Citrix NetScaler allows you to monitor the following components:-

  • Operations – TCP session details, SSLVPN ICA application started or terminated, SSLVPN session details, HTTP or Non-HTTP resource access denied.
  • Security – AAA session login or logout, AAA session login failed, ACL rule hit details, Console logon success.
  • Compliance – Command execution details, AppFW security violation details, SSLVPN session login or logout, Console logon failure.
  • Attacks – AppFW security violation details.

Once Citrix NetScaler is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Citrix NetScaler – Network interface hung This alert is generated when network interface is in ‘hung’ state.
Security Citrix NetScaler – Network interface reset This alert is generated when network interface is reset.
Security Citrix NetScaler – Network interface stopped This alert is generated when network interface is stopped.
Security Citrix NetScaler – Non HTTP resource access denied This alert is generated when non HTTP resource access is denied.
Security Citrix NetScaler – Pitboss process restarted This alert is generated when pitboss process restarted.
Security Citrix NetScaler – Pitboss system restarted This alert is generated when pitboss system restarted.
Security Citrix NetScaler – SNMP module started an alarm This alert is generated when SNMP module started an alarm.
Security Citrix NetScaler – SNMP module stopped an alarm This alert is generated when SNMP module stopped an alarm.
Security Citrix NetScaler – SSL certificate will expire soon This alert is generated when SSL certificate will expire soon.
Operations Citrix NetScaler – Device down This alert is generated when NetScaler device is down.
Operations Citrix NetScaler – Device out of service This alert is generated when NetScaler device is out of service.
Operations Citrix NetScaler – HA propagation failed This alert is generated when HA propagation failed.
Operations Citrix NetScaler – HTTP resource access denied This alert is generated when HTTP resource access is denied.
Operations Citrix NetScaler – Interface bound or unbound from a channel This alert is generated when Interface bound or unbound from a channel.
Operations Citrix NetScaler – Login failed This alert is generated when a module failed to login the user.
Operations Citrix NetScaler – NetScaler system stopped This alert is generated when NetScaler system has stopped.
Compliance Citrix NetScaler – SSLVPN license limit reached This alert is generated when SSLVPN license limit reached.
Compliance Citrix NetScaler – Start URL violation This alert is generated when URL violation has occurred.
Compliance Citrix NetScaler – AAA session login failed This alert is generated when AAA session login has been failed in the Citrix NetScaler.
Compliance Citrix NetScaler – AppFW DOS attack detected This alert is generated when AppFW DOS attack has occurred in the Citrix NetScaler.
Compliance Citrix NetScaler – AppFW security violation detected This alert is generated when AppFW security violation has been detected in the Citrix NetScaler.
Compliance Citrix NetScaler – Console logon failure This alert is generated when Console logon failure has occured in the Citrix NetScaler.
Attacks Citrix NetScaler – AppFW DOS attack detected This alert is generated when AppFW DOS attack has occurred in the Citrix NetScaler.
Attacks Citrix NetScaler – AppFW security violation detected This alert is generated when AppFW security violation has been detected in the Citrix NetScaler.

Reports

Type Name Description
Security Citrix NetScaler – AAA session login or logout This report provides the information related to session login or logout using AAA in Citrix NetScaler.
Security Citrix NetScaler – ACL rule hit details This report provides the information related to rule hit details of ACL in Citrix NetScaler.
Security Citrix NetScaler – Console logon success This report provides the information related to logon success for console in Citrix NetScaler.
Operations Citrix NetScaler – TCP session details This report provides the information related to TCP session details like source address, destination address, byte sent and received etc in Citrix NetScaler.
Operations Citrix NetScaler – SSLVPN ICA application started or terminated This report provides the information related to SSL VPN ICA whether the application has started or termination in Citrix NetScaler.
Operations Citrix NetScaler – SSLVPN session details This report provides the information related to SSLVPN session details like user name, source address, and destination address byte sent and received etc in Citrix NetScaler.
Operations Citrix NetScaler – HTTP or Non – HTTP resource access denied This report provides the information related to HTTP or non – HTTP resource access has been denied.
Compliance Citrix NetScaler – Command execution details This report provides the information related to execution of commands along with their details like user name, user address command executed and their status in Citrix NetScaler.
Compliance Citrix NetScaler – AppFW security violation details This report provides the information related to security violation details for AppFW in Citrix NetScaler.
Compliance Citrix NetScaler – SSLVPN session login or logout This report provides the information related to session login or logout of SSLVPN in Citrix NetScaler.
Compliance Citrix NetScaler – Console logon failure This report provides the information related to logon failure of console in Citrix NetScaler.
Compliance Citrix NetScaler – AAA session login failed This report provides the information related to login failed using AAA in Citrix NetScaler.
Attacks Citrix NetScaler – AppFW security violation details This report provides the information related to security violation details for AppFW in Citrix NetScaler.

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x and later, and Citrix NetScaler.

Download Integration Guide for configuration instructions and more information.