
SSIM Application Security Monitoring

Created: 31 Jan 2013 | 8 comments

Hi All,

I've to configure SSIM for Application Security Monitoring. Do we have any KT articles or guides on configuring these?

Appreciate your assistance.


SK Ooi's picture

Can you be more specific?

Generic answer: install event agent, if off-box. Then install collector. Each collector comes with its own implementation guide.

You download the guide from fileshare.symantec.com

SK

SSIM_Implementor's picture

Thanks for the response SK.

I've to configure the Application security monitoring for Windows, UNIX and AS400. Can I use the below collectors to monitor and log the applications?

1) Microsoft Windows Event Collector 4.4

2) UNIX OS Event Collector

3) IBM Audit I series collector

I've tried https://fileshare.symantec.com, but was unable to log in. Do we need to register to access this site or can we use the Symantec Connect Community credentials to log in?

Shahnawaz K's picture

For Windows 2003 - Microsoft Windows Event Collector 4.3 and higher
For Windows 2008 - Microsoft Windows Vista Event Collector 4.4
For Unix - Unix OS Event Collector 4.4
For AIX - Unix OS Log File Collector 4.4

All the collectors will be available at
https://fileconnect.symantec.com/licenselogin.jsp?...

This requires a valid serial number to log in.

And https://fileshare.symantec.com is for uploading the logs or data required by Tech Support for in-depth troubleshooting of the case opened by you.

Vikram Kumar-SAV to SEP's picture

You can integrate almost any OS with SSIM and collect Security Logs.

But when you say Security Monitoring, then you need to write Specific Rules that should generate an incident. There are many default rules which should help, and you can write any rule depending on your requirement.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SSIM_Implementor's picture

Thanks Vikram.

I'm writing specific rules to generate the incidents, but I'm a bit curious to have a document that guides how to configure the application monitoring on SSIM.

Vikram Kumar-SAV to SEP's picture

To configure a rule in SSIM, you first need to have a clear objective of what you want to achieve.

Like what you categorize as abnormal or unauthorized for that application which you want to monitor.

Does it log such an event? Does SSIM have a field mapped to the event you are looking for?

Then it becomes much easier to test and write the rule for that application.

Be it the number of password guessing attempts or login attempts or whatever you want.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.
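
The approach in the post above (decide what counts as abnormal, check that the application logs it, check that the fields are mapped, then test the rule), worked through as an added example that is not part of the original thread and is not SSIM rule syntax. The log format, field names, threshold and time window are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical application log format (not real data).
SAMPLE_LOG = [
    "2013-01-31 10:00:01 app=payroll event=LOGIN_FAIL user=alice src=10.0.0.5",
    "2013-01-31 10:00:09 app=payroll event=LOGIN_FAIL user=alice src=10.0.0.5",
    "2013-01-31 10:00:15 app=payroll event=LOGIN_FAIL user=bob src=10.0.0.7",
    "2013-01-31 10:00:20 app=payroll event=LOGIN_FAIL user=alice src=10.0.0.5",
    "2013-01-31 10:00:31 app=payroll event=LOGIN_FAIL user=alice src=10.0.0.5",
    "2013-01-31 10:00:33 payroll: session cache flushed",
    "2013-01-31 10:00:40 app=payroll event=LOGIN_FAIL user=alice src=10.0.0.5",
    "2013-01-31 10:00:45 app=payroll event=LOGIN_OK user=bob src=10.0.0.7",
    "2013-01-31 10:09:00 app=payroll event=LOGIN_FAIL user=bob src=10.0.0.7",
]

# Field mapping: the rule can only test fields that are extracted from the raw line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) app=(?P<app>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def normalize(line):
    """Return the mapped fields of a line, or None if the line has no mapping."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev

def failed_login_incidents(lines, threshold=5, window=timedelta(minutes=2)):
    """One incident per (app, user) reaching `threshold` failures inside `window`.
    Assumes time-ordered input. Returns (incidents, count of unmapped lines)."""
    recent, incidents, unmapped = defaultdict(deque), [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unmapped += 1  # visible gap: events the rule cannot evaluate
            continue
        if ev["event"] != "LOGIN_FAIL":
            continue
        q = recent[(ev["app"], ev["user"])]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            incidents.append({"app": ev["app"], "user": ev["user"], "count": len(q), "first": q[0], "last": ev["ts"]})
            q.clear()  # avoid re-raising the same burst on every further failure
    return incidents, unmapped
```

The unmapped count is worth watching while testing a rule: a rule that never fires may simply be looking at a field the collector does not populate.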

Hrishikesh Chikate's picture

Please provide a sample rule for application security monitoring.

Subhani's picture

Hi Hrishikesh, can you elaborate on your question? Which application are we talking about here, and what are you looking for, e.g. login failures or creation/deletion of records etc.?