RSA SecurID

Version: RSA Authentication Manager v8.1 and later.

RSA SecurID (“SecurID”) is a two-factor authentication technology that is used to protect network resources. RSA Authentication Manager Software provides the security engine authentication requests.

Netsurion Open XDR supports and monitors the RSA SecurID and generates the alerts, reports, dashboards and saved searches for critical events like user authentication failure, admin login, failed login and DOS attack detection.

After the RSA SecurID is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security RSA SecurID – Account lockout This alert is generated when an account lockout event occurs.
Security RSA SecurID – Authentication failed This alert is generated when an authentication failure event occurs.
Security RSA SecurID – Database or directory access failure This alert is generated when a database access failure event occurs.
Security RSA SecurID – Passcode reuse This alert is generated when a passcode reuse event occurs.
Security RSA SecurID – PIN changed attempt failed This alert is generated when PIN changed attempt failed event occurs.
Security RSA SecurID – SMS passcode reuse This alert is generated when an SMS passcode reuse event occurs. 
Security RSA SecurID – Denial of service attack detected This alert is generated when RSA detects the DOS attack.
Security RSA SecurID – Console admin logged in This alert is generated when the console admin logged event occurs.
Security RSA SecurID – Console admin logged in This alert is generated when console admin login failure event occurs.
Operations RSA SecurID – Replication failed This alert is generated when the port shuts down due to replication failed event occurs. 
Operations RSA SecurID – System state change This alert is generated when the system starts, or shutdown event occurs.

Reports

Type Name Description
Security RSA SecurID – User authentication failed This report gives detailed information on user authentication failed with agent details.
Security RSA SecurID – User account lockout details This report gives information on user details which were locked due to lockout policy.
Security RSA SecurID – Critical events This report gives information on the most critical or important events noticed that occurred in the RSA authentication manager (i.e.) DOS attack detected, the command executed.
Operations RSA SecurID – Admin activities This report gives information about the administrative activity events occurred on RSA authentication manager.
Operations RSA SecurID – Policy details This report gives detailed information on policy changes, new polices added or deleted.
Compliance RSA SecurID – Admin login activities This report gives detailed information on console admin login and logout.
Compliance RSA SecurID – User authentication activities This report gives detailed information on authentication user along with the agent and policy.

Documentation

The configuration details are consistent with Netsurion Open XDR version 9.x or later, and RSA Authentication Manager v8.1 and later.

Download Integration Guide and How-to Guide for configuration instructions and more information.