Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
jorgeoa Honored Contributor.
Honored Contributor.
501 views

Get Sourcefire Security Intelligence events with eStreamer

Hello,

I'm trying to get the Security Intelligence events from a Defense Center 5.3.0.2 using the last version of the eStreamer SmartConnector but I can't find them in the CEF events generated by the connector.

I have all the types of events checked in the DC and in the connector configuration. I can see the connection events, but not the security intelligence ones.

I don't know if this type of events could be retrieved from the eStreamer or not. Can anybody give me some info about that?

I know I can get the events using syslog but it would be great to have all the events in the same connector.

Thank you!

Labels (2)
0 Likes
Reply
2 Replies
jorgeoa Honored Contributor.
Honored Contributor.

Re: Get Sourcefire Security Intelligence events with eStreamer

Hello,

Nobody having this issue or using the eStreamer connector?

Thanks!

0 Likes
Reply
Super Contributor.. bdeerinwater Super Contributor..
Super Contributor..

Re: Get Sourcefire Security Intelligence events with eStreamer

Hello, Running a prrof of concept with the sourcefire eStreamer and seem to be running into an issue with getting events. In the document it states:

Use KeyMan or other third party software to open the <ip>.pkcs12 file and highlight and open each certificate (there are two certificates). For the key, also set the flag "trust as an addressbook certificate." Save the file to the same file name.

So I have d/l and got keyamn to work.The issue is saving the cert. I can change the password of the cert but not the flag to "trust as an addressbook certificate." . Has any one else come across this issue?

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.