Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

NCC Group DDoS Secure

 

The JSA DSM for NCC Group DDoS Secure collects events from NCC Group DDoS Secure devices.

The following table describes the specifications for the NCC Group DDoS Secure DSM:

Table 1: NCC Group DDoS Secure DSM Specifications

Specification

Value

Manufacturer

NCC Group

DSM name

NCC Group DDoS Secure

RPM file name

DSM-NCCGroupDDoSSecure-JSA_version-build_number

.noarch.rpm

Supported versions

5.13.1-2s to 5.16.1-0

Protocol

Syslog

Event format

LEEF

Recorded event types

All events

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

NCC Group website (https://www.nccgroup.trust/uk/)

To integrate NCC Group DDoS Secure with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • DSMCommon RPM

    • NCC Group DDoS Secure DSM RPM

  2. Configure your NCC Group DDoS Secure device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add an NCC Group DDoS Secure log source on the JSA Console. The following table describes the parameters that require specific values to collect event from NCC Group DDoS Secure:

    Table 2: NCC Group DDoS Secure Log Source Parameters

    Parameter

    Value

    Log Source type

    NCC Group DDoS Secure

    Protocol Configuration

    Syslog

  4. To verify that JSA is configured correctly, review the following table to see an example of a normalized event message.

    The following table shows a sample event message from NCC Group DDoS Secure:

    Table 3: NCC Group DDoS Secure Sample Message

    Event name

    Low level category

    Sample log message

    TCP Attack - Port Scan - END

    Host Port Scan

    <134>LEEF:1.0|NCCGroup|DDoS Secure |5.16.2-1|4078|desc=TCP Attack - Port Scan sev=4 myip=127 .0.0.1 proto=TCP scrPort =0 dstPort=0 src=127.0.0 .1 dst=127.0.0.1 cat= END devTime=2017-06-05 11: 26:00 devTimeFormat=yyyy-MM -dd HH:mm:ss end=2017-06-05 11:34:33 CurrentPps=0 PeakPps=14 totalPackets=243 realm=TalkTalk-Mail action=DROP