Riverbed SteelHead
Version: Riverbed SteelHead CX Series
Riverbed SteelHead CX solution accelerates the performance of all applications including on-premise, cloud, and software-as-a-service (SaaS) across the hybrid WAN for organizations.
Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth.
Netsurion Data Source Integration for Riverbed SteelHead allows you to monitor the following components:-
- Security – Authentication failure, Blacklist and Suspicious IP activity details.
- Operation – Command executed, Traffic allow and Traffic deny details.
- Compliance – User login details and CPU load details.
Once Riverbed SteelHead is configured to deliver events to Netsurion Open XDR; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Riverbed SteelHead – Blacklist IP Activity | This alert will generate when an IP address added to the blacklist. |
| Security | Riverbed SteelHead – Authentication Failure | This alert will generate when the user request fails authentication. |
| Compliance | Riverbed SteelHead – CPU Load High | This alert will generate when the CPU usage of a process is constantly high. |
| Compliance | Riverbed SteelHead – Login Activity Detected | This alert will generate when a user logged on to the Riverbed SteelHead device through CLI or web. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Riverbed SteelHead – Authentication Failure | This report gives information about user’s authentication failure. |
| Security | Riverbed SteelHead – Blacklist IP Activity | This report gives information about IP addresses which were added to Black List. |
| Security | Riverbed SteelHead – Suspicious IP Activity | This report gives information about IP addresses which were added or removed from white list, gray list. |
| Operations | Riverbed SteelHead – Traffic Allow Details | This report gives information about allowed traffic. |
| Operations | Riverbed SteelHead – Traffic Deny Details | This report gives information about denied traffic. |
| Operations | Riverbed SteelHead – Command Executed | This report gives information about commands executed by users. |
| Compliance | Riverbed SteelHead – Login Activities | This report gives information about allowed traffic. |
Documentation
The configuration details are consistent with Netsurion Open XDR 8.x and later, and Riverbed SteelHead CX series.
Download Integration Guide for configuration instructions and more information.