[Security Events | SNMP Traps - Citrix WAF / LB]

Thank you so much Johannes for your inputs!

 

Cheers,

Deeshu

[Security Events | SNMP Traps - Citrix WAF / LB]

Hi Johannes... Thanks for your inputs!

 

Though administration of Citrix is not in my hand. I majorly from SIEM platform (ArcSight, QRadar, LogRhythm, ElasticsSearch). I will drop these logs from my SIEM platform.

My main concern is to drop all such events from SIEM, which don't gives any value from SOC Security Monitoring point of view.

 

Currently in the environment, we have Citrix Load Balancer and Citrix WAF, and collecting logs from these devices through Syslog.

Referring below Citrix Syslog cheat sheet, objective is to drop all such events which don't gives any value from SOC Security Monitoring point of view.

 

https://developer-docs.citrix.com/projects/netscaler-syslog-message-reference/en/12.0/

 

 

TIA,

Deeshu

[Security Events | SNMP Traps - Citrix WAF / LB]

Hi Techs...

 

What are the list of SNMP trap rule names like "appfwPolicyHit" can be created/triggered in Citrix WAF or Load Balancer?

 

Currently I am getting events like below in my SIEM platform, which seems no use to Security Monitoring.

My objective here is to drill down on SNMP Traps events which can actually helps in Security monitoring of the environment, rest I am planning to drop to save the storage.

 

<134> 02/12/2020:05:58:59 GMT XXXXXXXXXX 0-PPE-1 : default SNMP TRAP_SENT 13621684 0 :  appfwPolicyHit (appfwLogMsg = "CEF:0|Citrix|NetScaler|NS12.0|APPFW|APPFW_POLI...", nsPartitionName = default)

 

 

TIA,

Deeshu