When enterprise IT applications handle sensitive customer and client information, they must run in a secure environment, and your team must be able to identify potential holes in the system and track potential compliance issues. Whether governed by internal policy or by regulations such as HIPAA, PCI DSS, or SOX, your team must ensure that your customers and clients are protected. ExtraHop's Security & Compliance Dashboard leverages wire data to monitor and manage some of the common metrics used by security and audit teams.
This bundle provides you with:
- Continuous Encryption Audit: Identifies SSL certificates with weak key sizes or weak cipher strengths, as well as certificate expirations.
- PHI Assurance Citrix Virtual Printer and USB Channel Lockdown: Tracks all Printer and USB channel usage.
- Continuous Data Leakage Watch - Access and frequency: Tracks large CIFS file accesses and denied CIFS access.
- Brute Force Watch: Directory Access Attempts: Compares LDAP successes and failures.
- Brute Force Invalid Credentials: User and Frequency (count/sec)(delayed): Tracks the frequency of LDAP invalid credentials.
- Brute Force Attempts -- Invalid Credentials: Tracks the number of LDAP attempts with invalid credentials.
- DNS -- Potential Malware: A Records (Normal) vs TXT (DNS Channel Spoof): Identifies an abnormally high volume of TXT records relative to A records, which can be an indicator of TCP/IP tunneling through DNS.
- DB -- Administrative Account Monitoring: Tracks MySQL Root/SA Login attempts.
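As an added example (not code from the ExtraHop bundle, and not using the ExtraHop Trigger API), the "A (normal) vs TXT" heuristic from the DNS item above, computed per client over a constructed batch of DNS query records. The record fields (client, qtype) are assumptions, and the thresholds play the role of the bundle's USER_SET values; the minimum-query floor keeps clients with only a handful of lookups from being flagged on noise.

```javascript
// Added example, not ExtraHop trigger code: the "A (normal) vs TXT" heuristic from the
// DNS bundle item, computed per client over a constructed batch of DNS query records.
// Field names (client, qtype) are assumptions; the thresholds play the role of the
// bundle's USER_SET values. A real trigger would get these from the ExtraHop Trigger API.

const USER_SET = {
  txtRatioThreshold: 0.5, // flag when TXT queries exceed 50% of the client's A queries
  minQueries: 20,         // ignore clients with too few queries to judge
};

// Constructed sample: one record per DNS query seen on the wire.
const mk = (n, client, qtype) => Array.from({ length: n }, () => ({ client, qtype }));
const SAMPLE_QUERIES = [
  ...mk(30, "10.0.0.5", "A"), ...mk(2, "10.0.0.5", "TXT"),   // normal resolver use
  ...mk(10, "10.0.0.9", "A"), ...mk(40, "10.0.0.9", "TXT"),  // TXT-heavy: flagged
  ...mk(1, "10.0.0.7", "A"),  ...mk(3, "10.0.0.7", "TXT"),   // too few queries to judge
];

// Tally A and TXT queries (and all queries of any type) per client.
function countByClient(queries) {
  const counts = new Map();
  for (const q of queries) {
    const c = counts.get(q.client) || { A: 0, TXT: 0, total: 0 };
    if (q.qtype === "A") c.A += 1;
    else if (q.qtype === "TXT") c.TXT += 1;
    c.total += 1;
    counts.set(q.client, c);
  }
  return counts;
}

// Return clients whose TXT-to-A ratio exceeds the threshold, highest ratio first.
// A client sending TXT queries but no A queries at all gets ratio Infinity and is flagged;
// a client with no TXT queries is never flagged, whatever else it sends.
function flagTxtHeavyClients(queries, settings = USER_SET) {
  const flagged = [];
  for (const [client, c] of countByClient(queries)) {
    if (c.total < settings.minQueries) continue; // not enough data to judge
    const ratio = c.TXT === 0 ? 0 : (c.A === 0 ? Infinity : c.TXT / c.A);
    if (ratio > settings.txtRatioThreshold) {
      flagged.push({ client, a: c.A, txt: c.TXT, ratio });
    }
  }
  return flagged.sort((x, y) => y.ratio - x.ratio);
}

console.log(flagTxtHeavyClients(SAMPLE_QUERIES)); // only 10.0.0.9 (ratio 4)
```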
What you get:
- Security for Compliance – CIFS
- Security for Compliance – DB
- Security for Compliance – DNS
- Security for Compliance – ICA
- Security for Compliance – LDAP
- Security for Compliance – SSL
- Compliance and Data Leakage Dashboard
Figure 1: Metric drill-down for clients with keys shorter than 2048 bits
Figure 2: Top-level graph to monitor root account logins
This data can be exported to Splunk. The ExtraHop + Splunk Security app can be used to export wire data metrics and merge them with Splunk's machine data metrics, providing holistic security and compliance visibility.
- Download the bundle file
- Upload the bundle file using the file explorer
- Apply the bundle
- Upload the bundle to your ExtraHop appliance (Settings -> Bundles -> Upload).
- Click Apply. You should see "Ok: bundle applied successfully".
- Apply the triggers to devices of interest:
  - Database: MySQL server(s)
  - CIFS: server(s) or client(s)
  - ICA: server(s) or client(s)
  - DNS: server(s) or client(s)
  - LDAP: server(s) or client(s)
  - SSL: server(s) or client(s)
- Apply the custom page Compliance and Data Leakage Dashboard to the network to be monitored.
- (Optional) Configure the triggers:
  - Edit the triggers by modifying the USER_SET values within the trigger code.