HPE Aruba ClearPass

Aruba ClearPass Policy Manager provides role and device-based network access control for employees, contractors, and guests across any multivendor wired, wireless and VPN infrastructure.

This pack includes Cortex XSIAM content.

Use this content pack to help automate adding devices in the network to a block list in response to security events, such as a stolen or compromised device.

What does this pack do?

The integration in this pack enables you to:

  • Get a list of endpoints.
  • Update fields of an endpoint.
  • Get a list of attributes.
  • Create, update, or delete an attribute.
  • Get a list of active sessions.
  • Disconnect an active session.

Collect Events from Product

You need to configure Aruba ClearPass to forward Syslog messages in CEF format.

Open your Aruba ClearPass UI and follow these instructions:

Adding Syslog Targets

  1. Navigate to Administration > External Servers > Syslog Targets.
  2. Click the Add link.
  3. In the prompt window, specify the server credentials.
  4. Click Save.

Adding a Syslog Export Filter

  1. Navigate to Administration > External Servers > Syslog Export Filters.
  2. From the Syslog Export Filters page, click Add.
    • Under Export Event Format Type, choose the Common Event Format (CEF).
    • Under Syslog Servers, choose the relevant server config for XSIAM.
  3. Save your filter.

Note: Timestamp parsing is supported for the rt field in 13-digit epoch (milliseconds) timestamp format.
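
A check you can run against a forwarded message to confirm that the rt field arrives as a 13-digit epoch-millisecond value. This is an added example, not part of the pack's content; the function names are illustrative, and the sample lines with their header values are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines; vendor, product, version and event values are
# placeholders, not captured from a real ClearPass system.
SAMPLE_OK = ("<14>Jan 16 10:00:00 cppm CEF:0|ExampleVendor|ExampleProduct|0.0|100|"
             "Sample Event|1|rt=1705399200123 src=10.0.0.5 msg=user login \\= ok")
SAMPLE_BAD = ("<14>Jan 16 10:00:00 cppm CEF:0|ExampleVendor|ExampleProduct|0.0|100|"
              "Sample Event|1|rt=Jan 16 2024 10:00:00 src=10.0.0.5")

HEADER_SPLIT = re.compile(r"(?<!\\)\|")    # a pipe not escaped as \|
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")    # key= at a token start; \= never matches


def parse_cef(line):
    """Return (header_fields, extension_dict) for a syslog line carrying CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    parts = HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("incomplete CEF header")
    ext = parts[7] if len(parts) > 7 else ""
    keys = list(EXT_KEY.finditer(ext))
    fields = {}
    for i, m in enumerate(keys):
        # A value runs until the next key=, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return parts[:7], fields


def check_rt(line):
    """Return (ok, detail); ok is True only for a 13-digit epoch-millis rt."""
    _, fields = parse_cef(line)
    rt = fields.get("rt")
    if rt is None:
        return False, "rt field missing"
    if not re.fullmatch(r"\d{13}", rt):
        return False, f"rt is not a 13-digit epoch-millisecond value: {rt!r}"
    secs, millis = divmod(int(rt), 1000)   # integer math avoids float rounding
    ts = datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=millis * 1000)
    return True, ts.isoformat(timespec="milliseconds")


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_rt(sample))
```
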
PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Cortex
Created: June 10, 2021
Last Release: January 16, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.