RSA SecurID
Version: RSA Authentication Manager v8.1 and later.
RSA SecurID (“SecurID”) is a two-factor authentication technology that is used to protect network resources. RSA Authentication Manager Software provides the security engine authentication requests.
Netsurion Open XDR supports and monitors the RSA SecurID and generates the alerts, reports, dashboards and saved searches for critical events like user authentication failure, admin login, failed login and DOS attack detection.
After the RSA SecurID is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | RSA SecurID – Account lockout | This alert is generated when an account lockout event occurs. |
| Security | RSA SecurID – Authentication failed | This alert is generated when an authentication failure event occurs. |
| Security | RSA SecurID – Database or directory access failure | This alert is generated when a database access failure event occurs. |
| Security | RSA SecurID – Passcode reuse | This alert is generated when a passcode reuse event occurs. |
| Security | RSA SecurID – PIN changed attempt failed | This alert is generated when PIN changed attempt failed event occurs. |
| Security | RSA SecurID – SMS passcode reuse | This alert is generated when an SMS passcode reuse event occurs. |
| Security | RSA SecurID – Denial of service attack detected | This alert is generated when RSA detects the DOS attack. |
| Security | RSA SecurID – Console admin logged in | This alert is generated when the console admin logged event occurs. |
| Security | RSA SecurID – Console admin logged in | This alert is generated when console admin login failure event occurs. |
| Operations | RSA SecurID – Replication failed | This alert is generated when the port shuts down due to replication failed event occurs. |
| Operations | RSA SecurID – System state change | This alert is generated when the system starts, or shutdown event occurs. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | RSA SecurID – User authentication failed | This report gives detailed information on user authentication failed with agent details. |
| Security | RSA SecurID – User account lockout details | This report gives information on user details which were locked due to lockout policy. |
| Security | RSA SecurID – Critical events | This report gives information on the most critical or important events noticed that occurred in the RSA authentication manager (i.e.) DOS attack detected, the command executed. |
| Operations | RSA SecurID – Admin activities | This report gives information about the administrative activity events occurred on RSA authentication manager. |
| Operations | RSA SecurID – Policy details | This report gives detailed information on policy changes, new polices added or deleted. |
| Compliance | RSA SecurID – Admin login activities | This report gives detailed information on console admin login and logout. |
| Compliance | RSA SecurID – User authentication activities | This report gives detailed information on authentication user along with the agent and policy. |
Documentation
The configuration details are consistent with Netsurion Open XDR version 9.x or later, and RSA Authentication Manager v8.1 and later.
Download Integration Guide and How-to Guide for configuration instructions and more information.