Sourcefire 3D Sensor

To integrate JSA Risk Manager with your network devices, ensure that you review the requirements for the Sourcefire 3D Sensor adapter.

The following features are available with the Sourcefire 3D Sensor adapter:

  • IPS

  • SSH connection protocol

Limitations:

  • Intrusion policies attached to individual access control rules are not used by JSA Risk Manager. Only the default intrusion policy is supported.

  • NAT and VPN are not supported.

The following table describes the integration requirements for the Sourcefire 3D Sensor adapter.

Table 1: Integration Requirements for the Sourcefire 3D Sensor Adapter

| Integration requirement | Description |
|---|---|
| Versions | 5.2 |
| Supported 3D sensors (Series 2 devices) | 3D500, 3D1000, 3D2000, 3D2100, 3D2500, 3D3500, 3D4500, 3D6500, 3D9900 |
| SNMP discovery | No |
| Required credential parameters | Username, Password. To add credentials in JSA, log in as an administrator and use Configuration Source Management on the Admin tab. |
| Supported connection protocols | SSH. To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab. |
| Commands that the adapter requires to log in and collect data | `show version`, `show memory`, `show network`, `show interfaces`, `expert`, `sudo`, `su`, `df`, `hostname`, `ip addr`, `route`, `cat`, `find`, `head`, `mysql` |

Commands that the adapter uses to read configuration information:

| Command or file | Purpose |
|---|---|
| `sudo su df` | To get hardware information. |
| `sudo su hostname` | To get the system host name. |
| `sudo su route -n` | To get routing information. |
| `/etc/sf/ims.conf` | Use the `cat` or `head` command to read files and get configurations. |
| `$SNORT_DIR/fwcfg/affinity.conf` | Read to get the base directory for the SNORT instance, which is referenced as `$DE_DIR` in the following three examples. |
| `$DE_DIR/policyText_full.yaml` | Read the IPS rules and objects. |
| `$DE_DIR/snort.conf` | Read the SNORT configuration. |
| `$DE_DIR/*` | Files are read in dynamically when they are referenced in the `policyText_full.yaml` file. |
| `$SNORT_DIR/iprep_download` | The adapter uses the `find` command to search for IP reputation files in this directory. |
| `/etc/sf/ims-data.conf` | File that is read to get the database connection credentials. |