...
This article describes how a SIEM system can be used with LANCOM R&S®Unified Firewalls in the LMC.
...
Info: You can find the Project ID in the LMC menu Management → Properties.
2) Provide IDPS messages from the Unified Firewall for the SIEM system:
2.1) After activating SIEM support, the Unified Firewall changes to the state Outdated. Roll out the configuration to the Unified Firewall so that the IDPS alerts are provided.
Info: As of December 2024 only IDPS alerts are provided. Support for additional logs will be added in future LMC and LCOS FX versions.
2.2) Connect to the Unified Firewall via the WEBconfig tunnel in the LMC and check in the menu Monitoring & Statistics → Settings whether the additional column LMC was rolled out and whether the option is active for IDPS Alert.
3) Generate a SIEM API Secret in the LMC:
3.1) In the LMC go to the menu Project specifications → External services → SIEM and click on Create API Secret Key.
3.2) Copy the Secret Key and save it in a secure location. Enter the Secret Key in your SIEM system afterwards.
4) Example commands in the SIEM API:
...
```shell
curl --request GET \
  --url https://cloud.lancom.de/cloud-service-siem/accounts/<UUID of your LMC project>/logs \
  --header 'Authorization: LMC-API-KEY <API Secret Key from step 3>'
```
```shell
curl --request GET \
  --url https://cloud.lancom.de/cloud-service-siem/accounts/ea96d5d0-01f6-498a-b9ec-629be24eae9e/logs \
  --header 'Authorization: LMC-API-KEY eyJraWQiOiIxIiwidHlwIjoiTE1DLUFQSS1LRVkiLCJhbGciOiJIUzI1NiJ9.3zezFHKzCYJlCgh-3V1KN0yEe8lTUQEE75DXc-Vv2Dc._93wf35NVk8Q6yt7omWzyohTgW58424tQzRFIPgr111'
```
...
With the Offsets endpoint you can read out the number of the first log file and of the next unread log file, as well as the offset limit, for the specified account.
```shell
curl --request GET \
  --url https://cloud.lancom.de/cloud-service-siem/accounts/<UUID of your LMC project>/offsets \
  --header 'Authorization: LMC-API-KEY <API Secret Key from step 3>'
```
```shell
curl --request GET \
  --url https://cloud.lancom.de/cloud-service-siem/accounts/30995a43-3705-439a-9c2c-da1331bb5106/offsets \
  --header 'Authorization: LMC-API-KEY eyJraWQiOiIxIiwidHlwIjoiTE1DLUFQSS1LRVkiLCJhbGciOiJIUzI1NiJ9.3zezFHKzCYJlCgh-3V1KN0yEe8lTUQEE75DXc-Vv2Dc._93wf35NVk8Q6yt7omWzyohTgW58424tQzRFIP11111'
```
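The two curl one-liners above (logs and offsets) put the API Secret Key on the command line, where it lands in shell history and process listings. The following added example, which is not LANCOM's own code, builds the same two GET requests in Python, reads the key from an environment variable instead (the variable name LMC_SIEM_API_KEY is an assumption of this example), and checks that the project ID really is a UUID before it is placed in the URL path. The response body is returned as plain text because its schema is not described on this page.

```python
"""Minimal client for the LMC SIEM API logs and offsets endpoints.

Added example, not LANCOM's code. Assumptions (not from the page): the key is
read from the environment variable LMC_SIEM_API_KEY, and the response body is
handed back as text because the page does not document its structure.
"""
import os
import re
import urllib.request

BASE_URL = "https://cloud.lancom.de/cloud-service-siem/accounts"
ENDPOINTS = ("logs", "offsets")  # the two endpoints shown on the page
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def build_request(project_id: str, endpoint: str, api_key: str) -> urllib.request.Request:
    """Build the GET request for /accounts/<project UUID>/<endpoint>.

    The project ID is validated as a UUID so that a mistyped value (or one
    containing path characters) cannot change the request path. The key is
    sent only in the Authorization header, exactly as in the curl commands.
    """
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint {endpoint!r}; expected one of {ENDPOINTS}")
    if not UUID_RE.match(project_id.lower()):
        raise ValueError("project_id must be the LMC project UUID (LMC: Management -> Properties)")
    if not api_key or any(ch.isspace() for ch in api_key):
        raise ValueError("api_key is empty or contains whitespace")
    req = urllib.request.Request(f"{BASE_URL}/{project_id}/{endpoint}", method="GET")
    req.add_header("Authorization", f"LMC-API-KEY {api_key}")
    return req


def api_key_from_env(var: str = "LMC_SIEM_API_KEY") -> str:
    """Read the secret from the environment (variable name assumed here) so it
    does not appear in shell history or in the process list."""
    key = os.environ.get(var, "")
    if not key:
        raise RuntimeError(f"set {var} to the API Secret Key created in step 3")
    return key


def fetch(req: urllib.request.Request, timeout: float = 30.0) -> str:
    """Send the request and return the body as text; the page does not
    document the response schema, so no parsing is attempted here."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # The default UUID below is the sample project ID used in the page's logs example.
    project = os.environ.get("LMC_PROJECT_ID", "ea96d5d0-01f6-498a-b9ec-629be24eae9e")
    key = api_key_from_env()
    for endpoint in ENDPOINTS:
        body = fetch(build_request(project, endpoint, key))
        print(f"{endpoint}: {body[:200]}")
```

If you prefer to stay with curl, the same effect can be had by keeping the `Authorization:` line in a file readable only by the polling user and passing it with `--header @file` (supported since curl 7.55.0), so the key never appears as a command-line argument.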
...