SSH Comm Security CryptoAuditor
What is Discovered and Monitored
Protocol | Information Discovered | Data Collected | Used for |
---|---|---|---|
Syslog (CEF format) | - | 15 event types | Security and Compliance |
Event Types
In RESOURCE > Event Types, Search for “CryptoAuditor-”.
Sample Event Type:
<189>Jun 24 15:43:01 auditor ssh-auditor[4067]: CEF:0|SSH|CryptoAuditor|1.6.0|4201|Connection_received|1|rt=Jun 26 2015 07:48:24 SshAuditorSrc=10.1.78.8 spt=34453 SshAuditorDst=10.1.78.8 dpt=10022 SshAuditorSessionId=21 SshAuditorUsername=testuser SshAuditorRemoteusername=testuser SshAuditorProtocolsessionId=C089C55D9ADE0A4F901917D69B46B01223A02B70 SshAuditorVirtualLAN=0 cs1=source connection cs1Label=Text
<189>Jun 24 15:43:01 auditor ssh-auditor[4067]: CEF:0|SSH|CryptoAuditor|1.6.0|4201|Connection_received|rt=Jun 26 2015 07:48:24 SshAuditorSrc=10.1.78.8 spt=34453 SshAuditorDst=10.1.78.8 dpt=10022 SshAuditorSessionId=21 SshAuditorUsername=testuser SshAuditorRemoteusername=testuser SshAuditorProtocolsessionId=C089C55D9ADE0A4F901917D69B46B01223A02B70 SshAuditorVirtualLAN=0 cs1=source connection cs1Label=Text
Rules
There are no specific rules but generic rules for Generic Servers apply.
Reports
There are no specific reports but generic rules for Generic Servers apply.
Configuration
Configure SSH Comm Security CryptoAuditor to send syslog on port 514 to FortiSIEM.