Applies To: Cisco PIX 500 series and later.
Overview
Integrated Cisco PIX firewall hardware and software delivers full stateful firewall protection and IP Security (IPSec) VPN capabilities, allowing you to rigorously protect your internal network from outside intrusions.
EventTracker offers a high-level view, but allows you to drill down to the most granular level and provides you with the information you need – whether you are in charge of overall implementation, security, and compliance, or focused on the details of the events of specific devices.
EventTracker supports Cisco PIX, which can be configured to send syslog to EventTracker Enterprise.
Cisco PIX Logging
The EventTracker Knowledge Pack for Cisco PIX Firewall allows you to monitor the following:
- Monitoring authentication success and failures.
- Monitoring debugging and critical messages.
- Monitoring privilege changes made in Cisco PIX.
- Monitoring events related to Cisco secure Intrusion Detection System.
Once logs are received in EventTracker, alerts and reports can be configured in EventTracker.
Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.
Categories and Reports:
- Cisco PIX: Authentication failure - This category-based report provides information related to denied authorization.
- Cisco PIX: Connection denied - This category-based report provides information related to denied connections.
- Cisco PIX: IDS intrusion detection - This category-based report provides information related to Cisco Secure Intrusion Detection System events that are generated.
- Cisco PIX: Privilege level change - This category-based report provides information related to privilege changes made in the Cisco PIX device.
- Cisco PIX: Authentication success - This category-based report provides information related to authorization permitted for a user.
Alerts:
- Cisco PIX: Authentication failed - This alert is generated when authorization is denied.
- Cisco PIX: IDS intrusion detection - This alert is generated when Cisco Secure Intrusion Detection System events are generated.
Scope
The configurations detailed are consistent with EventTracker Enterprise version 7.x and Cisco PIX 500 series and later.
Documentation:
For more information, please refer to the Integration Guide.