cancel
Showing results for 
Search instead for 
Did you mean: 

SIEM Right-Click sending trap to ASM

SIEM Right-Click sending trap to ASM

An-Tin_Liu
New Contributor II
who has asmright-click.pl

or

who can help me to check the pl file

#!/usr/bin/perl #Variables to change

$NETSIGHT_TRAP_SERVER = "192.168.30.134";

$SNMP_USERNAME = "snmpuser";

$AUTHENTICATION_TYPE = "MD5";

$AUTHENTICATION_PASSWORD = "snmpauthcred";

$PRIVACY_TYPE = "DES";

$PRIVACY_PASSWORD = "snmpprivcred";

$SENDER_ID = "SIEM";

$SENDER_NAME = "192.168.30.200";

$THREAT_NAME = "DSCC Intervention";

$THREAT_CATEGORY = "UserRemove";

$INITIATOR_ADDRESS = "1.1.1.1";

$TRAP_PORT = "162";



# DO NOT ALTER CODE FROM THIS LINE FORWARD



$NOTIFICATION_MESSAGE_OID = ".1.3.6.1.4.1.5624.1.2.45.1.0.3";

$CONSOLIDATED_DATA_OID = ".1.3.6.1.4.1.5624.1.2.45.1.1.12";



printf("AN SNMP trap has been sent to the Automated Security Manager (ASM) remediation server.\n");

printf("The user will be removed from the network.\n");



#$action .= "snmptrap -d -v 2c -c public 192.168.30.134 UCD-SNMP-MIB::ucdStart message s disk utilization exceed 80%";

$action .= "snmptrap -C i -v 3 -u $SNMP_USERNAME -a $AUTHENTICATION_TYPE -A $AUTHENTICATION_PASSWORD -x $PRIVACY_TYPE -X $PRIVACY_PASSWORD ";

$action .= "NETSIGHT_TRAP_SERVER:$TRAP_PORT O $NOTIFICATION_MESSAGE_OID $CONSOLIDATED_DATA_OID s "etsysThreatNotificationSenderName= '$SENDER_NAME' "" ;

$action .= ""etsysThreatNotificationThreatName='$THREAT_NAME' etsysThreatNotificationThreatCategory='$THREAT_CATEGORY' etsysThreatNotificationSenderID='$SENDER_ID' "";

$action .= ""etsysThreatNotificationInitiatorAddress='$INITIATOR_ADDRESS'\"""";









"
10 REPLIES 10

An-Tin_Liu
New Contributor II
Thanks~~

Dudley__Jeff
Extreme Employee
A case was created with the GTAC.

Drew_C
Valued Contributor III
Are there any updates to add to this thread?

Dudley__Jeff
Extreme Employee
Hi,

So far seeing the same. May move to an escalation for product adjustment but too early to tell.



GTM-P2G8KFN