This would probably require a professional services engagement to get McAfee to develop this; however, depending on the logging capabilities of the IBM devices, you may be able to set up syslog forwarding, or a file pull from the receiver to the appliance to grab logs, and then, using the ASP parser, build out custom parsers for the logs coming in.
Unfortunately I am not familiar with the logging options of IBM WebSphere, so I would not be able to direct you on that side of things. If they can forward syslog, you can set up a data source for generic, syslog, and then write custom parsers in the policy editor.
We are wanting to do the same with WebSphere (and some other IBM data sources). I have asked McAfee to comment on whether they plan to release any ASPs for these sources in the near future. Otherwise we will have to engage McAfee to develop these for us.
I'll keep you posted if/when I get a response.
Alex & Mike,
If one of you gents wants to 'bleach' a packet of any sensitive data I’ll gladly assist you with the process of developing and implementing a custom parser for that data source. To do so you’re looking at doing the following items:
-Develop the Regex to the
-Add data source
-Create new ASP Rule
The task is much less daunting after having done it for multiple Vendors and Device Types.
Thanks for the offer. At this stage we have not yet added WebSphere to our ESM - and don't have any sample logs as yet; it is just one of the many data sources we are looking to onboard in the coming months.
I asked my McAfee / Intel Security sales partner if they plan to release this ASP. I am still waiting for an answer.
Any instructions on how to add IBM WebSphere as a data source and parse it?