Skyhigh Networks Cloud Security Platform

 

The JSA DSM for Skyhigh Networks Cloud Security Platform collects logs from a Skyhigh Networks Cloud Security Platform.

The following table identifies the specifications for the Skyhigh Networks Cloud Security Platform DSM:

Table 1: Skyhigh Networks Cloud Security Platform DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Skyhigh Networks |
| DSM name | Skyhigh Networks Cloud Security Platform |
| RPM file name | DSM-SkyhighNetworksCloudSecurityPlatform-JSA_version-build_number.noarch.rpm |
| Supported versions | 2.4 and 3.3 |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | Privilege Access, Insider Threat, Compromised Account, Access, Admin, Data, Policy, and Audit |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Skyhigh Networks website (www.skyhighnetworks.com/) |

To integrate Skyhigh Networks Cloud Security Platform with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • Skyhigh Networks Cloud Security Platform DSM RPM

    • DSMCommon RPM

  2. Configure your Skyhigh Networks Cloud Security Platform device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a Skyhigh Networks Cloud Security Platform log source on the JSA Console. The following table describes the parameters that require specific values for Skyhigh Networks Cloud Security Platform event collection:

    Table 2: Skyhigh Networks Cloud Security Platform Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Skyhigh Networks Cloud Security Platform |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | The IP address or host name of the Skyhigh Networks Cloud Security Platform that sends events to JSA. |

  4. To verify that JSA is configured correctly, review the sample event message in the following table.

    The following table shows a sample event message from Skyhigh Networks Cloud Security Platform:

    Table 3: Skyhigh Networks Cloud Security Platform Sample Message

    Event name: Login Success

    Low level category: User Login Success

    Sample log message:

    <14> Mar 16 18:51:10 hostname LEEF:1.0|Skyhigh|Anomalies|192.0.2.0|LoginSuccess|cat=Alert.Access devTimeFormat=MMM dd yyyy HH:mm:ss.SSS zzz devTime=Jan 30 2017 06:59:11.000 UTC usrName=username sev=0 activityName=Login anomalyValue=51 countries=[XX] emailDomain=example.com incidentGroupId=10014 incidentId=733 isPartOfThreat=false riskSeverity=low serviceNames=[<Service>] sourceIps=[<Source_IP_address] status=OPENED threatCategory=Compromised Accounts thresholdDuration=daily thresholdValue=30 updatedOn=Jan 30 2017 07:08:05.906 UTC
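The following parser is an added example, not part of the JSA or Skyhigh documentation. It splits a LEEF 1.0 event like the Table 3 sample into header fields and attributes, so you can check that values with embedded spaces (devTime, threatCategory) arrive intact. The sample line is constructed from the page's message; ExampleService and 198.51.100.7 are placeholder values, and parse_leef and dev_time_utc are names chosen for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the page's Table 3 message with wrap spaces removed and
# placeholder values filled in (ExampleService, 198.51.100.7).
SAMPLE = (
    "<14> Mar 16 18:51:10 hostname LEEF:1.0|Skyhigh|Anomalies|192.0.2.0|LoginSuccess|"
    "cat=Alert.Access devTimeFormat=MMM dd yyyy HH:mm:ss.SSS zzz "
    "devTime=Jan 30 2017 06:59:11.000 UTC usrName=username sev=0 activityName=Login "
    "anomalyValue=51 countries=[XX] emailDomain=example.com incidentGroupId=10014 "
    "incidentId=733 isPartOfThreat=false riskSeverity=low serviceNames=[ExampleService] "
    "sourceIps=[198.51.100.7] status=OPENED threatCategory=Compromised Accounts "
    "thresholdDuration=daily thresholdValue=30 updatedOn=Jan 30 2017 07:08:05.906 UTC"
)

HEADER = re.compile(
    r"LEEF:1\.0\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|(?P<version>[^|]*)\|"
    r"(?P<event_id>[^|]*)\|(?P<attrs>.*)$", re.S)
# A value runs until the next " key=" or end of line, so values may contain spaces.
# Limitation: a value that itself contains " word=" is split early.
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)

def parse_leef(line):
    """Return the LEEF 1.0 header fields plus an 'attrs' dict for one syslog line."""
    m = HEADER.search(line)
    if m is None:
        raise ValueError("no LEEF:1.0 header found")
    event = {k: m.group(k).strip() for k in ("vendor", "product", "version", "event_id")}
    raw = m.group("attrs")
    if "\t" in raw:   # tab is the LEEF 1.0 attribute delimiter
        pairs = [p.split("=", 1) for p in raw.split("\t") if "=" in p]
    else:             # space-separated, as the sample is printed on the page
        pairs = PAIR.findall(raw)
    attrs = {}
    for key, value in pairs:
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):   # e.g. countries=[XX]
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        attrs[key.strip()] = value
    event["attrs"] = attrs
    return event

def dev_time_utc(attrs):
    """Convert devTime (page format 'MMM dd yyyy HH:mm:ss.SSS zzz') to an aware UTC datetime."""
    if not attrs["devTime"].endswith(" UTC"):
        raise ValueError("only UTC timestamps are handled in this example")
    naive = datetime.strptime(attrs["devTime"], "%b %d %Y %H:%M:%S.%f %Z")
    return naive.replace(tzinfo=timezone.utc)
```

Calling `parse_leef(SAMPLE)` yields the event ID `LoginSuccess` and 20 attributes; comparing those against what JSA shows for the same event is a quick way to spot fields truncated at a space.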