SIEM Right-Click sending trap to ASM
‎10-06-2015 06:17 AM
Who has asmright-click.pl, or who can help me check the pl file?
#!/usr/bin/perl
# Variables to change
$NETSIGHT_TRAP_SERVER = "192.168.30.134";
$SNMP_USERNAME = "snmpuser";
$AUTHENTICATION_TYPE = "MD5";
$AUTHENTICATION_PASSWORD = "snmpauthcred";
$PRIVACY_TYPE = "DES";
$PRIVACY_PASSWORD = "snmpprivcred";
$SENDER_ID = "SIEM";
$SENDER_NAME = "192.168.30.200";
$THREAT_NAME = "DSCC Intervention";
$THREAT_CATEGORY = "UserRemove";
$INITIATOR_ADDRESS = "1.1.1.1";
$TRAP_PORT = "162";
# DO NOT ALTER CODE FROM THIS LINE FORWARD
$NOTIFICATION_MESSAGE_OID = ".1.3.6.1.4.1.5624.1.2.45.1.0.3";
$CONSOLIDATED_DATA_OID = ".1.3.6.1.4.1.5624.1.2.45.1.1.12";
printf("AN SNMP trap has been sent to the Automated Security Manager (ASM) remediation server.\n");
printf("The user will be removed from the network.\n");
#$action .= "snmptrap -d -v 2c -c public 192.168.30.134 UCD-SNMP-MIB::ucdStart message s disk utilization exceed 80%";
# SNMPv3 inform: credentials first, then destination, uptime (0), trap OID and one string varbind.
$action .= "snmptrap -C i -v 3 -u $SNMP_USERNAME -a $AUTHENTICATION_TYPE -A $AUTHENTICATION_PASSWORD -x $PRIVACY_TYPE -X $PRIVACY_PASSWORD ";
# The varbind value is one shell argument, so its double quotes are escaped inside the Perl string.
$action .= "$NETSIGHT_TRAP_SERVER:$TRAP_PORT 0 $NOTIFICATION_MESSAGE_OID $CONSOLIDATED_DATA_OID s \"etsysThreatNotificationSenderName= '$SENDER_NAME' ";
$action .= "etsysThreatNotificationThreatName='$THREAT_NAME' etsysThreatNotificationThreatCategory='$THREAT_CATEGORY' etsysThreatNotificationSenderID='$SENDER_ID' ";
$action .= "etsysThreatNotificationInitiatorAddress='$INITIATOR_ADDRESS'\"";
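Added example, not part of the original post or of the vendor's script: passing the snmptrap arguments as a list keeps the whole varbind value as one argument without any nested shell quoting. It reuses the values from the post; the DRY_RUN switch, taking the initiator address from the first command-line argument, and the input checks are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Connection settings copied from the post above.
my %cfg = (
    server    => '192.168.30.134', port      => 162,
    user      => 'snmpuser',
    auth_type => 'MD5',            auth_pass => 'snmpauthcred',
    priv_type => 'DES',            priv_pass => 'snmpprivcred',
);
my $NOTIFICATION_MESSAGE_OID = '.1.3.6.1.4.1.5624.1.2.45.1.0.3';
my $CONSOLIDATED_DATA_OID    = '.1.3.6.1.4.1.5624.1.2.45.1.1.12';

# Return the snmptrap argument list for one initiator address.
sub build_argv {
    my ($initiator) = @_;
    # Assumption: the address comes from outside the script, so check its shape.
    die "initiator is not an IPv4 address: $initiator\n"
        unless $initiator =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;
    my @fields = (    # same order as in the posted script
        [ SenderName       => '192.168.30.200' ],
        [ ThreatName       => 'DSCC Intervention' ],
        [ ThreatCategory   => 'UserRemove' ],
        [ SenderID         => 'SIEM' ],
        [ InitiatorAddress => $initiator ],
    );
    for my $f (@fields) {
        # A single quote inside a value would break the key='value' layout.
        die "single quote not allowed in $f->[0]\n" if $f->[1] =~ /'/;
    }
    my $data = join ' ',
        map { sprintf "etsysThreatNotification%s='%s'", @$_ } @fields;
    return (
        'snmptrap', '-C', 'i', '-v', '3', '-u', $cfg{user},
        '-a', $cfg{auth_type}, '-A', $cfg{auth_pass},
        '-x', $cfg{priv_type}, '-X', $cfg{priv_pass},
        "$cfg{server}:$cfg{port}", '0',
        $NOTIFICATION_MESSAGE_OID, $CONSOLIDATED_DATA_OID, 's', $data,
    );
}

my @argv = build_argv(@ARGV ? $ARGV[0] : '1.1.1.1');
if ($ENV{DRY_RUN}) {
    # Show each argument on its own line to confirm the varbind stays in one piece.
    print "argv[$_] = $argv[$_]\n" for 0 .. $#argv;
} else {
    # List-form system() runs snmptrap directly, with no shell in between.
    system(@argv) == 0 or die "snmptrap failed (status $?)\n";
    print "SNMP inform sent to $cfg{server}:$cfg{port}\n";
}
```

The -A and -X passphrases are still visible in the process list while snmptrap runs.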
10 REPLIES 10
‎10-13-2015 10:49 PM
Thanks~~
‎10-13-2015 03:06 PM
A case was created with the GTAC.
‎10-13-2015 02:49 PM
Are there any updates to add to this thread?
‎10-09-2015 11:59 AM
Hi,
So far seeing the same. May move to an escalation for product adjustment but too early to tell.
