Hi,
A customer asks for a tool to centrally manage the logs and alert data coming from the various security tools like: BlackBerry CylancePROTECT for endpoint protection, Forescout for network and access control, Clavister as firewall and Qualys for vulnerability management and application scanning to check if they have bugs.
Do you think that Log Insight can be the right tool?
Third-party product logs can be checked by the content packs.
If they are available for Log Insight, then it can track logs.
I could not find much documentation, content packs and other details on VMware Log Insight.
It looks like you can configure Splunk, please see the links below.
Security tools like:
1. BlackBerry CylancePROTECT for endpoint protection
2. Forescout for network and access control
3. Clavister as firewall
4. Qualys for vulnerability management and application scanning
BlackBerry CylancePROTECT:
https://docs.blackberry.com/en/unified-endpoint-security/cylance--products/protect-application-for-s...
https://splunkbase.splunk.com/app/3233
Forescout for network:
Forescout integration with Splunk:
https://docs.forescout.com/en-US/bundle/splunk-2-9-2-h/page/splunk-2-9-2-h.Set-Up-the-Forescout-Tech...
https://www.forescout.com/wp-content/uploads/2016/11/ForeScout-App-Splunk-2.5-Guide.pdf
Forwarding security events from vRealize Log Insight:
https://blogs.vmware.com/customer-experience-and-success/2021/08/how-to-forward-security-events-from...
Clavister as firewall:
https://forums.clavister.com/viewtopic.php?t=5897
Qualys for vulnerability management and application scanning:
https://splunkbase.splunk.com/app/2964
I hope the above links will help you. Thanks.
Thanks and Regards,
Jayendra
Note: I have recently started my blog. Please review it and give your feedback so that I can improve.
Link: https://www.vrealizeworld.net/