Cisco ACS

Version: Cisco ACS version 4.0 and later.

ACS is a policy-based security server that provides standards-compliant Authentication, Authorization, and Accounting (AAA) services to your network. ACS facilitates the administrative management of Cisco and non-Cisco devices and applications.

Netsurion Open XDR supports Cisco ACS 4.0 and later. It provides event log management and includes File Integrity Monitoring, Change Audit, Config Assessment, Cloud Integration, Event Correlation, and writable media monitoring.

Netsurion Data Source Integration for Cisco ACS allows you to monitor the following:

  • Operations – Syslog messages for different services, account operations (addition, deletion, and modification of users and groups), and system shutdown/restart.
  • Security – Suspicious network activities, changes in privileges, and user logon/authentication activities (logon, logoff).
  • Compliance – Changes in policy configuration (addition and deletion).

After Cisco ACS is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Operations | Cisco ACS – Administrator Logon Failed | This alert is generated when an admin fails to log in to the system. |
| Operations | Cisco ACS – Configuration Changed | This alert is generated when there is any change in the system configuration. |
| Compliance | Cisco ACS – User Authentication Failed | This alert is generated when the user authentication fails. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Cisco ACS – Password Changed | This alert is generated when there is any change in the password. |
| Security | Cisco ACS – User Authentication Success | This report provides information related to user authentication success, which includes User Name, Source IP, Destination IP and Success from fields. |
| Security | Cisco ACS – Administrator Audit Details | This report provides information related to administrator audit activities, which includes User Name, Source IP, Object type from fields. |
| Operations | Cisco ACS – Administrator Logon Activity | This report provides information related to administrator logon activity, which includes User Name, Source IP, Destination IP from fields. |
| Operations | Cisco ACS – User Authentication Failure | This report provides information related to user authentication failure, which includes User Name, Source IP, Destination IP and Failed from fields. |
| Compliance | Cisco ACS – User Authentication Success | This report provides information related to user authentication success, which includes User Name, Source IP, Destination IP and Success From fields. |
| Compliance | Cisco ACS – Administrator Audit Details | This report provides information related to administrator audit activities, which includes User Name, Source IP, Object type from fields. |
| Compliance | Cisco ACS – Password Changed | This report provides information related to password changes, which includes User Name, Source IP, Account name, Account type, Password type from fields. |
| Compliance | Cisco ACS – Configuration Changed | This report provides information related to configuration changes, which includes User Name, Source IP, Object type, Object name from fields. |

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x or later, and Cisco ACS version 4.0 and later.

Download the Integration Guide for configuration instructions and more information.