aritra, Absent Member

Websense SNMP - Pre-requisites

We have installed a Websense SNMP smartconnector on our Windows 2008 server and it seems that the server is listening on port 162 (default SNMP port). The alerting has been configured on the device end. However, I couldn't observe logs locally or on the console. Evidently, my Windows server is unable to receive SNMP Traps.

Can someone help me out in chalking out the pre-requisites for configuring a Windows server to receive SNMP traps? The SNMP service is running on the server and the community string has also been added, but the issue persists.

0 Likes

Accepted Solutions
alexander.kuzmi, Respected Contributor

Re: Websense SNMP - Pre-requisites

Hi, Aritra

WebSense is now CEF certified. You can collect events without any need for SNMP connector.

There is a tab in the WebSense interface that deals with SIEM integration. You can choose to set it up to send CEF-formatted events through syslog.

You can read about the Websense side of settings to be done here: http://www.websense.com/content/support/library/web/v76/siem/siem.pdf

And then from the ArcSight side all you need is a simple syslog connector.

Hope that helps.


0 Likes
8 Replies
dzuperku1, Absent Member

Re: Websense SNMP - Pre-requisites

Any updates on this?

I'm running into the same issue.

0 Likes
rkent1, Acclaimed Contributor

Re: Websense SNMP - Pre-requisites

I looked at doing this integration recently, and noted the following excerpt from the PDF you linked to:

"Use SNMP alerting to keep the Websense system healthy and the organization protected, and use Websense reporting tools or SIEM integration to report on Internet activity when alerts reveal a potential issue."

This sounds to me like both the SNMP and CEF integration are needed to get total WebSense monitoring in your SIEM.

0 Likes
dzuperku1, Absent Member

Re: Websense SNMP - Pre-requisites

It looks like you need to be on Websense 7.7 to get "Integrating Web Security with third-party SIEM products". I'm stuck on 7.6.

0 Likes
aritra, Absent Member

Re: Re: Websense SNMP - Pre-requisites

Hi dzuperku,

It seems that Websense v7.6 is not supported by ArcSight currently. We too had integrated the connector with v7.6. Looks like we have to upgrade to v7.7 in order to set up the device to send logs via syslog.

The supported device versions list as communicated by HP:

Websense Enterprise v6.1, v6.3, Websense Web Security v6.1, v6.3.
Websense Enterprise and Websense Web Security suite Corporate Edition v7.0, v7.5, v7.7.

Thanks All!
Aritra Gautam

0 Likes
bbis11, Honored Contributor

Re: Websense SNMP - Pre-requisites

I have a question. I see there is a smartconnector available as Websense Web Security Suite SNMP. Should I use a Syslog File smartconnector or this one for version 7.8.3?

Thanks

Biswa

0 Likes
aritra, Absent Member

Re: Websense SNMP - Pre-requisites

Hi Biswa,

Since you do have version 7.8.3, it's recommended by HP to go for the Syslog smartconnector. In my case we had to upgrade the device from v7.6 to v7.7 as the SNMP smartconnector didn't work out as expected.

Thanks,

Aritra Gautam

0 Likes
Glasscock, Absent Member

Re: Websense SNMP - Pre-requisites

Using the syslog connector, don't you miss many of the fields that analysts need for investigations? At a previous company, we used the SNMP default connector because we would get the referer and other fields. With syslog from Websense, we were getting a limited set with the default configuration.

0 Likes
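
The question raised in the replies above, whether CEF over syslog carries every field analysts need, can be checked against captured events before committing to one connector. The Python below is an added example, not part of the thread and not vendor or ArcSight code: it parses a CEF line and reports which fields from a required set are absent. The sample line, the `REQUIRED` list and the function names are constructed assumptions.

```python
import re

HEADER = ["version", "vendor", "product", "device_version",
          "signature_id", "name", "severity"]
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # start of each key=value pair
_UNESC = re.compile(r"\\([=\\])")                 # CEF escapes \= and \\ in values

# Assumption: fields this SOC wants for web investigations (standard CEF keys;
# requestContext is the CEF key that can carry the HTTP referrer).
REQUIRED = ["src", "suser", "request", "requestContext", "act", "cat"]

# Constructed sample line, not real product output.
SAMPLE = ("<134>Jan 10 12:00:00 filter01 CEF:0|Websense|Web Security|7.7|9|"
          "Transaction blocked|7|act=blocked src=10.0.0.5 suser=jdoe "
          "request=http://example.test/a?x\\=1 cat=9")

def split_header(body, n=7):
    """Return (first n header fields, rest), honouring escaped pipes/backslashes."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < n:
        c = body[i]
        if c == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])
            i += 2
            continue
        if c == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    return parts, body[i:]

def parse_cef(line):
    """Parse one syslog line containing a CEF event into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    parts, ext = split_header(line[start + 4:])
    if len(parts) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, parts))
    keys = list(_KEY.finditer(ext))
    fields = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]  # value may hold spaces
        fields[m.group(1)] = _UNESC.sub(r"\1", raw.strip())
    event["extension"] = fields
    return event

def missing_fields(event, required=REQUIRED):
    """List required extension keys that are absent or empty in the event."""
    return sorted(k for k in required if not event["extension"].get(k))
```

Running `missing_fields(parse_cef(line))` over a day of captured syslog and counting the results shows which fields the syslog feed never populates.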