Vasco DigiPass
What is Discovered and Monitored
|
Protocol |
Information discovered |
Metrics collected |
Used for |
|---|---|---|---|
|
Syslog |
Successful and Failed Authentications, Successful and Failed administrative logons |
Security Monitoring and compliance |
Event Types
In ADMIN > Device Support > Event Types, search for "Vasco-DigiPass" to see the event types associated with this device. Some important ones are:
- Vasco-DigiPass-KeyServer-AdminLogon-Success
- Vasco-DigiPass-KeyServer-UserAuth-Success
- Vasco-DigiPass-KeyServer-UserAuth-Failed
- Vasco-DigiPass-KeyServer-AccountLocked
- Vasco-DigiPass-KeyServer-AccountUnlocked
Configuration
Configure the Vasco DigiPass management Console to send syslog to FortiSIEM. FortiSIEM is going to parse the logs automatically. Make sure the syslog format is as follows.
May 16 18:21:50 vascoservername ikeyserver[3575]: {Success}, {Administration}, {S-001003}, {A command of type [User] [Unlock] was successful.}, {0xA46B6230BA60B240CE48011B0C30D393}, {Source Location:10.1.2.3}, {Client Location:10.1.2.3}, {User ID:flast}, {Domain:company.com}, {Input Details: {User ID : flast} {Domain Name : company.com}}, {Output Details: {User ID : flast} {Password : ********} {Created Time : 2013/05/13 19:06:52} {Modified Time : 2013/05/16 18:21:49} {Has Digipass : Unassigned} {Status : 0} {Domain Name : company.com} {Local Authentication : Default} {Back-end Authentication : Default} {Disabled : no} {Lock Count : 0} {Locked : no} {Last Password Set Time : 2013/05/13 19:06:52} {Static Password History : d0NdVMhSdvdNEQJkkKTWmiq8iB4K1dWreMf5FQlZM7U=} {Key ID : SSMINSTALLSENSITIVEKEY}}, {Object:User}, {Command:Unlock}, {Client Type:Administration Program}
May 15 20:27:35 vascoservername ikeyserver[3575]: {Success}, {Administration}, {S-004001}, {An administrative logon was successful.}, {0x25AB20F3222F554A96CFFD2886AE4C71}, {Source Location:10.1.2.3}, {Client Location:10.1.2.3}, {User ID:admin}, {Domain:company.com}, {Client Type:Administration Program}
May 17 18:43:22 vascoservername ikeyserver[3582]: {Info}, {Initialization}, {I-002010}, {The SOAP protocol handler has been initialized successfully.}, {0x0E736D24D54E717E6F5DA6C09E89F8EE}, {Version:3.4.7.115}, {Configuration Details:IP-Address: 10.1.2.3, IP-Port: 8888, Supported-Cipher-Suite: HIGH, Server-Certificate: /var/identikey/conf/certs/soap-custom.pem, Private-Key-Password: ********, CA-Certificate-Store: /var/identikey/conf/certs/soap-ca-certificate-store.pem, Client-Authentication-Method: none, Reverify-Client-On-Reconnect: False, DPX-Upload-Location: /var/dpx/}