Cyberoam UTM Firewall

Version: Cyberoam UTM CR500i,Version 9.5.4 and later.

Cyberroam firewall (NG and UTM) is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. It typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet that is assumed not to be secured or trusted.

Netsurion's Open XDR platform supports Cyberoam UTM Log events. The Netsurion's Open XDR platform monitors it and generates alert for user authentication failure, configuration changes, virus and spam detection, and reports for user management, admin operations, antivirus and antispam activity, firewall traffic activity and user activity. Its dashboard gives us the information about the top user usage, top application used, top source IP address usage, top destination IP address usage and top virus detected.

Netsurion Data Source Integration for Cyberoam UTM allows you to monitor following:-

  • Operations - Virus detection, User authentication success and firewall traffic activity.
  • Security - Attack detection, spam detection, web and application filter activity.
  • Compliance - User authentication failed, admin operations and user account management  

After the Cyberoam UTM is configured to deliver events to the Netsurion's Open XDR platform, the dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Cyberoam UTM - Attack detected This alert is generated when attack is detected.
Security Cyberoam UTM - Spam detected This alert is generated when spam is detected.
Operations Cyberoam UTM - Virus detected This alert is generated when virus is detected.
Compliance Cybroam UTM - Admin operations This alert is generated when address object, firewall rule, application and web filter policy, antivirus or spam filter policy is added, deleted or modified.
Compliance Cyberoam UTM - User authentication failed This alert is generated when user fails to authenticate with firewall more than 5 times in 10 second.

Reports

Type Name Description
Security Cyberoam UTM - Antivirus activity This report provides information related to Antivirus activities like blocking of SMTP, ftp or http traffic due to virus which contains Protocol information (SMPT, FTP or HTTP), virus details (name of virus), source information (source IP and port, source country code, domain name, URL Details, file name) and destination information (Destination IP and port, destination country code).
Security Cyberoam UTM - Antispam activity This report provides information related to Antispam activity like blocking of SMTP, POP3 or IMAP traffic due to spam which contains source information (e.g. source mail id, source domain name, source IP and port, source country code), destination information (e.g. Destination mail id, destination domain name, destination IP and port, destination country code), message information (message subject, mail size) and action on spam (like allow or deny).
Security Cyberoam UTM - Application and web filtering This report provides information related to allowed and blocked traffic due to application and web filtering policy which contains URL and application information, Source information (source IP and port, source country code), destination information (Destination IP and port, Destination country code), web and application filter policy ID and status of traffic (allowed or blocked).
Operations Cyberoam UTM - User authentication success This report provides information related to user successfully authenticating with firewall which contains user information (username and group name) and source IP information.
Operations Cyberoam UTM - Firewall traffic allowed and denied This report provides information related to allowed or blocking of traffic due to web and application filter, IPS, antivirus or antispam which contains source information (Source IP and port, source country code, internal interface, source zone), destination information (Destination IP and port, destination country code, outer interface, destination zone), traffic details (SMTP, FTP, HTTP,etc), status of traffic (allowed or blocked) and reason why it is blocked (DOS attack, web or application filter policy).
Compliance Cyberoam UTM - User authentication failed This report provides information related to user failing to authenticate with firewall which contains user information (username and group name), Source IP and reasons why it is failed.
Compliance Cyberoam UTM - Admin operations This report provides information related to admin operations like addition, deletion and updating of address object, firewall rules, antivirus and antispam policy which contains parameter(e.g. address object, firewall rules, policy,etc) details, Source IP, changes status and console information (GUI, CLI or central management).
Compliance Cyberoam UTM - User account management This report provides information related to user management like addition, deletion and modification of user or group and it’s setting, which contains user or group information, what operations happened on it and by whom changes happened.

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 7.x or later, and Cyberoam UTM.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept