F5 BIG-IP LTM

Version: Firmware version 9.x to 14.x

F5 BIG IP turns your network into an agile infrastructure for application delivery. It’s a full proxy between users and application servers, creating a layer of abstraction to secure, optimize, and load balance application traffic.

Netsurion Open XDR supports F5 BIG IP integration. Some of the important events that Netsurion Open XDR looks for are:

  • User login failures: Provides a summarized view on unauthorized access or authentication failed events based on source IP location, example name of the city or country.
  • The SSL and user session activities: Provides a summarized view on SSL access and request events along with an SSL connection failed events.
  • Traffic management activities: Provides a summarized view on local and global network traffic, which includes source and destination IP, connection status along with the file path user is trying to access.

Netsurion Data Source Integrations for F5 Big IP allows you to monitor the following components:

  • Security – Logon Failed
  • Compliance – SSL Activity and Session Activity
  • Operations – Login and Logout details, Local traffic Management Activity, and Global traffic Management Activity

Once F5 BIG IP is configured to deliver events to Netsurion Open XDR Manager alerts, dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security F5 BIG IP LTM Login Failed This alert will be generated when there is a failed or unauthorized login attempt by the user.

Reports

Type Name Description
Security F5 BIG IP LTM Login Failed This report will generate a detailed view on failed or unauthorized login attempts.
Operations F5 BIG IP LTM Login and Logout activity This report will provide a detailed view of user access management.
Operations F5 BIG IP LTM Traffic Management Activity This report will generate detailed view on local traffic activities as discovered by the F5 appliance. This report also includes activities related configuration changes on F5 BIG IP LTM.
Operations F5 BIG IP GTM Activity This report will generate detailed view on global traffic activities as discovered by the F5 appliance.
Compliance F5 BIG IP LTM SSL Activity This report will generate a detailed view of all the SSL related activities.

Documentation

The configurations details are consistent with Netsurion Open XDR 9.x and later, and F5 BIG IP LTM.

Download Integration Guide for configuration instructions and more information.