NCC Group DDoS Secure
The JSA DSM for NCC Group DDoS Secure collects events from NCC Group DDoS Secure devices.
The following table describes the specifications for the NCC Group DDoS Secure DSM:
| Specification | Value |
|---|---|
| Manufacturer | NCC Group |
| DSM name | NCC Group DDoS Secure |
| RPM file name | DSM-NCCGroupDDoSSecure-JSA_version-build_number.noarch.rpm |
| Supported versions | 5.13.1-2s to 5.16.1-0 |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | NCC Group website (https://www.nccgroup.trust/uk/) |

To integrate NCC Group DDoS Secure with JSA, complete the following steps:

1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:
   - DSMCommon RPM
   - NCC Group DDoS Secure DSM RPM
2. Configure your NCC Group DDoS Secure device to send syslog events to JSA.
3. If JSA does not automatically detect the log source, add an NCC Group DDoS Secure log source on the JSA Console. The following table describes the parameters that require specific values to collect events from NCC Group DDoS Secure:

   Table 2: NCC Group DDoS Secure Log Source Parameters

   | Parameter | Value |
   |---|---|
   | Log Source type | NCC Group DDoS Secure |
   | Protocol Configuration | Syslog |

To verify that JSA is configured correctly, review the following table to see an example of a normalized event message.
The following table shows a sample event message from NCC Group DDoS Secure:

Table 3: NCC Group DDoS Secure Sample Message

| Event name | Low level category |
|---|---|
| TCP Attack - Port Scan - END | Host Port Scan |

Sample log message:

```
<134>LEEF:1.0|NCCGroup|DDoS Secure|5.16.2-1|4078|desc=TCP Attack - Port Scan sev=4 myip=127.0.0.1 proto=TCP scrPort=0 dstPort=0 src=127.0.0.1 dst=127.0.0.1 cat=END devTime=2017-06-05 11:26:00 devTimeFormat=yyyy-MM-dd HH:mm:ss end=2017-06-05 11:34:33 CurrentPps=0 PeakPps=14 totalPackets=243 realm=TalkTalk-Mail action=DROP
```
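
To check what the device is sending before it reaches JSA, the sample message above can be parsed offline. The following Python sketch is an added example, not part of the DSM or of JSA; the function names are hypothetical, and it assumes the attributes are space-separated as printed in the table and that `end` uses the same format as `devTime`.

```python
import re
from datetime import datetime

# The page's sample message with table line-wrap spaces removed. Attributes are
# space-separated as printed here; LEEF 1.0 on the wire separates them with tabs.
SAMPLE = (
    "<134>LEEF:1.0|NCCGroup|DDoS Secure|5.16.2-1|4078|"
    "desc=TCP Attack - Port Scan sev=4 myip=127.0.0.1 proto=TCP scrPort=0 "
    "dstPort=0 src=127.0.0.1 dst=127.0.0.1 cat=END devTime=2017-06-05 11:26:00 "
    "devTimeFormat=yyyy-MM-dd HH:mm:ss end=2017-06-05 11:34:33 CurrentPps=0 "
    "PeakPps=14 totalPackets=243 realm=TalkTalk-Mail action=DROP"
)

HEADER = re.compile(r"^(?:<(\d{1,3})>)?LEEF:1\.0\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$", re.S)
KEY = re.compile(r"(?:^|[\t ])([A-Za-z]\w*)=")
# Java SimpleDateFormat tokens used by devTimeFormat -> strptime directives.
JAVA_TO_STRPTIME = [("yyyy", "%Y"), ("MM", "%m"), ("dd", "%d"),
                    ("HH", "%H"), ("mm", "%M"), ("ss", "%S")]

def parse_leef(line):
    """Split a LEEF 1.0 syslog line into header fields and an attribute dict."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a LEEF 1.0 message")
    pri, vendor, product, version, event_id, body = m.groups()
    event = {"vendor": vendor, "product": product.strip(),
             "version": version, "event_id": event_id}
    if pri is not None:  # syslog PRI = facility * 8 + severity
        event["facility"], event["severity"] = divmod(int(pri), 8)
    # A value runs up to the next "<separator>key=" token, so values that
    # contain spaces (desc, devTime, devTimeFormat) stay intact.
    hits = list(KEY.finditer(body))
    attrs = {}
    for i, hit in enumerate(hits):
        stop = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        attrs[hit.group(1)] = body[hit.end():stop].strip()
    event["attrs"] = attrs
    return event

def attack_duration_seconds(event):
    """Seconds between devTime and end, both read with devTimeFormat (assumed)."""
    fmt = event["attrs"]["devTimeFormat"]
    for java, py in JAVA_TO_STRPTIME:
        fmt = fmt.replace(java, py)
    start = datetime.strptime(event["attrs"]["devTime"], fmt)
    end = datetime.strptime(event["attrs"]["end"], fmt)
    return int((end - start).total_seconds())

if __name__ == "__main__":
    ev = parse_leef(SAMPLE)
    print(ev["vendor"], ev["product"], ev["attrs"]["desc"], attack_duration_seconds(ev))
```

A value that itself contains a space followed by `word=` would be split at that point, so on captured traffic restrict the `KEY` separator to the tab character.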