McAfee Firewall Enterprise (Sidewinder)

Version: McAfee Firewall Enterprise (Sidewinder) 7.X and later.

With McAfee Firewall Sidewinder and its related products, administrators can immediately begin to put firewall rules in the proper business context and take advantage of centralized firewall management, reporting, and user-friendly rule creation capabilities. Additionally, the firewall offers high levels of threat protection. Advanced capabilities such as reputation-based global threat intelligence, configurable application-level protection, encrypted traffic inspection, anti-virus, content filtering, and intrusion prevention systems (IPS) block attacks before they succeed.

Netsurion Open XDR enables you to gather business intelligence, providing increased security, performance, and reliability of your systems. Through alerts, knowledge base solutions, and reports, Netsurion Open XDR helps you correct problems long before a disastrous failure occurs.

Netsurion Open XDR supports McAfee Firewall Enterprise (Sidewinder), which can be configured to send syslog to Netsurion Open XDR.

The Netsurion Data Source Integration for McAfee Sidewinder allows you to monitor the following:

  • Operations – Syslog messages for different services, account operations (addition, deletion, and modification of users and groups), and system shutdown/restart.
  • Security – Suspicious network activity, changes in privileges, and user logon/authentication activities (logon, logoff).
  • Compliance – Changes in policy configuration (addition and deletion).

Once McAfee Firewall Enterprise (Sidewinder) is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | McAfee Sidewinder – Access violation | This alert is generated when an object is accessed without permission. |
| Security | McAfee Sidewinder – ACL modification | This alert is generated when any change is made to an access control list. |
| Operations | McAfee Sidewinder – Hardware/Software failure | This alert is generated when any internal operation error occurs. |
| Compliance | McAfee Sidewinder – VPN traffic log | This alert is generated when connections are created and traffic is passed through the firewall via a VPN. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | McAfee Sidewinder – IP Filter | This report provides information related to IP filters (whether the filter is open, closed, or timed out), including Source Address, Source Port, Destination Address, Destination Port, User Name, and other fields. |
| Security | McAfee Sidewinder – Spam Attack | This report provides information related to spam attacks, including Source Address, Source Port, Domain, Edomain, Hostname, Eventname, Attack IP, and other fields. |
| Operations | McAfee Sidewinder – ACL Allowed | This report provides information related to access control list allow events, including Source Address, Source Port, Destination Address, Destination Port, User Name, Authentication Method, Access List ID, and other fields. |
| Operations | McAfee Sidewinder – ACL Denied | This report provides information related to access control list deny events, including Source Address, Source Port, Destination Address, Destination Port, User Name, Authentication Method, Access List ID, and other fields. |
| Compliance | McAfee Sidewinder – Authentication Allowed | This report provides information related to allowed authentications, including Domain, Edomain, Hostname, Eventname, Authentication Method, Information, and other fields. |
| Compliance | McAfee Sidewinder – Authentication Denied | This report provides information related to denied authentications, including Domain, Edomain, Hostname, Eventname, Authentication Method, and other fields. |
| Compliance | McAfee Sidewinder – Authentication Lockout | This report provides information related to authentication lockouts, including Domain, Edomain, Hostname, Eventname, Authentication Method, Information, and other fields. |
| Compliance | McAfee Sidewinder – Configuration Changes | This report provides information related to configuration changes (whether the configuration was modified, restored, or applied), including Domain, Edomain, Hostname, Eventname, Information, and other fields. |

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x or later, and McAfee Firewall Enterprise (Sidewinder).

Download the Integration Guide for configuration instructions and more information.