Deepak Shukla
Posts posted by Deepak Shukla
Hi Johannes... Thanks for your inputs!
Though, administration of Citrix is not in my hands. I am majorly from the SIEM platform side (ArcSight, QRadar, LogRhythm, Elasticsearch). I will drop these logs from my SIEM platform.
My main concern is to drop all such events from SIEM which don't give any value from a SOC Security Monitoring point of view.
Currently in the environment, we have Citrix Load Balancer and Citrix WAF, and collecting logs from these devices through Syslog.
Referring to the Citrix Syslog cheat sheet below, the objective is to drop all such events which don't give any value from a SOC Security Monitoring point of view.
https://developer-docs.citrix.com/projects/netscaler-syslog-message-reference/en/12.0/
TIA,
Deeshu
-
Hi Techs...
What is the list of SNMP trap rule names, like "appfwPolicyHit", that can be created/triggered in Citrix WAF or Load Balancer?
Currently I am getting events like the one below in my SIEM platform, which seem to be of no use to Security Monitoring.
My objective here is to drill down on SNMP Trap events which can actually help in Security monitoring of the environment; the rest I am planning to drop to save storage.
<134> 02/12/2020:05:58:59 GMT XXXXXXXXXX 0-PPE-1 : default SNMP TRAP_SENT 13621684 0 : appfwPolicyHit (appfwLogMsg = "CEF:0|Citrix|NetScaler|NS12.0|APPFW|APPFW_POLI...", nsPartitionName = default)
TIA,
Deeshu
Security Events | SNMP Traps - Citrix WAF / LB
in Web App Firewall, BOT Management and IP reputation
Thank you so much Johannes for your inputs!
Cheers,
Deeshu
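Added example, not part of the original posts and not Citrix or SIEM vendor code: before writing drop rules, it helps to measure which event classes and trap names actually arrive. The sketch below parses lines shaped like the sample in the post and tallies them by feature, message type and trap name. The field layout and group names are inferred from that one sample line, and every input line except the first is constructed with placeholder names.

```python
import re
from collections import Counter

# Header layout inferred from the sample line in the post (an assumption):
# <PRI> timestamp GMT host PPE : partition FEATURE MSGTYPE seq 0 : body
LINE_RE = re.compile(
    r'^<(?P<pri>\d+)>\s+(?P<ts>\S+)\s+GMT\s+(?P<host>\S+)\s+(?P<ppe>\S+)\s+:\s+'
    r'(?P<partition>\S+)\s+(?P<feature>\S+)\s+(?P<msgtype>\S+)\s+'
    r'(?P<seq>\d+)\s+\d+\s+:\s+(?P<body>.*)$')
# For SNMP TRAP_SENT, the body starts with the trap name followed by "(".
TRAP_RE = re.compile(r'^\s*(?P<trap>\w+)\s*\(')

def parse_line(line):
    """Return a dict of header fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Syslog PRI = facility * 8 + severity.
    rec['facility'], rec['severity'] = divmod(int(rec.pop('pri')), 8)
    rec['trap'] = None
    if (rec['feature'], rec['msgtype']) == ('SNMP', 'TRAP_SENT'):
        t = TRAP_RE.match(rec['body'])
        rec['trap'] = t.group('trap') if t else None
    return rec

def tally(lines):
    """Count events per (feature, msgtype, trap); keep unparsed lines for review."""
    counts, unparsed = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # never silently drop what was not understood
        else:
            counts[(rec['feature'], rec['msgtype'], rec['trap'])] += 1
    return counts, unparsed

SAMPLE = [
    # First line is the one quoted in the post; the rest are constructed placeholders.
    '<134> 02/12/2020:05:58:59 GMT XXXXXXXXXX 0-PPE-1 : default SNMP TRAP_SENT 13621684 0 : '
    'appfwPolicyHit (appfwLogMsg = "CEF:0|Citrix|NetScaler|NS12.0|APPFW|APPFW_POLI...", '
    'nsPartitionName = default)',
    '<134> 02/12/2020:05:59:01 GMT XXXXXXXXXX 0-PPE-1 : default SNMP TRAP_SENT 13621685 0 : '
    'exampleTrapName (exampleField = 1, nsPartitionName = default)',
    '<134> 02/12/2020:05:59:02 GMT XXXXXXXXXX 0-PPE-1 : default EXAMPLEFEATURE EXAMPLE_TYPE '
    '13621686 0 : constructed body text',
    'not a matching line',
]

if __name__ == '__main__':
    counts, unparsed = tally(SAMPLE)
    for key, n in counts.most_common():
        print(n, key)
    print('unparsed:', len(unparsed))
```

Run over a day of collected syslog, the tally gives the volume per trap name, which is the input needed to decide what to keep and what to filter at the SIEM.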