6 Replies Latest reply on Oct 27, 2015 9:17 AM by SIEMer SIEMer

    Integration IBM Websphere

    secnet500

      Hello!

       

      I want to integrate my IBM Websphere Application Server and IBM Websphere Datapower Appliances.

      There is no ASP in McAfee SIEM out of the box.

       

      Alex

        • 1. Re: Integration IBM Websphere
          ryan.fitzpatrick

          Alex,

           

          This would probably require a professional services engagement to get McAfee to develop this; however, depending on the logging capabilities of the IBM devices, you may be able to set up syslog forwarding, or a file pull from the receiver to the appliance to grab logs, and then, using the ASP parser, build out custom parsers for the logs coming in.

           

          Unfortunately, I am not familiar with the logging options of IBM Websphere, so I would not be able to direct you on that side of things. If they can forward syslog, you can set up a data source for generic, syslog, and then write custom parsers in the policy editor.

          • 2. Re: Integration IBM Websphere
            Mikelb

            Hi Alex

             

            We are wanting to do the same with Websphere (and some other IBM data sources).  I have asked McAfee to comment on if they plan to release any ASPs for these sources in the near future.  Otherwise we will have to engage McAfee to develop these for us.

             

            I'll keep you posted if/when I get a response.

             

            Mike

            • 3. Re: Integration IBM Websphere
              protah

              Alex & Mike,


              If one of you gents wants to 'bleach' a packet of any sensitive data I’ll gladly assist you with the process of developing and implementing a custom parser for that data source. To do so you’re looking at doing the following items:


              -Develop the Regex to the

              -Add data source

              -Create new ASP Rule

              The task is much less daunting after having done it for multiple Vendors and Device Types.


              R/

              Jacob

              • 4. Re: Integration IBM Websphere
                Mikelb

                Hi Jacob

                 

                Thanks for the offer.  At this stage we have not yet added Websphere to our ESM and don't have any sample logs as yet; it is just one of the many data sources we are looking to onboard in the coming months.

                 

                Regards

                Mike

                • 5. Re: Integration IBM Websphere
                  secnet500

                  Hello,

                   

                  I asked my McAfee / Intel-Security sales partner if they plan to release this ASP. I am still waiting for an answer.

                   

                  Regards

                  Alex

                  • 6. Re: Integration IBM Websphere
                    SIEMer SIEMer

                    Hi,

                    Any instructions on how to add the IBM WebSphere as a data source and parsing? 

                    Thanks,