Aruba ClearPass Policy Manager provides role and device-based network access control for employees, contractors, and guests across any multivendor wired, wireless and VPN infrastructure.
HPE Aruba ClearPass
This pack includes Cortex XSIAM content.
Use this content pack to help automate adding devices in the network to a block list in response to security events, such as a stolen or compromised device.
What does this pack do?
The integration in this pack enables you to:
- Get a list of endpoints.
- Update fields of an endpoint.
- Get a list of attributes.
- Create, update, or delete an attribute.
- Get a list of active sessions.
- Disconnect an active session.
HPE Aruba ClearPass
This pack includes Cortex XSIAM content.
Collect Events from Product
You need to configure Aruba ClearPass to forward Syslog messages in CEF format.
Open your Aruba ClearPass UI and follow these instructions:
Adding Syslog Targets
- Navigate to Administration > External Servers > Syslog Targets.
- Click the Add link.
- Specify the server credentials at the prompt window.
- Click Save.
Adding a Syslog Export Filter
- Navigate to Administration > External Servers > Syslog Export Filters.
- From the Syslog Export Filters page, click Add.
- Under Export Event Format Type, choose the Comma Event Format (CEF).
- Under Syslog Servers, choose the relevant server config for XSIAM.
- Save your filter.
- Pay attention: Timestamp parsing is supported for the rt field in Epoch 13 digits (MILLIS) timestamp format.
Use this content pack to help automate adding devices in the network to a block list in response to security events, such as a stolen or compromised device.
What does this pack do?
The integration in this pack enables you to:
- Get a list of endpoints.
- Update fields of an endpoint.
- Get a list of attributes.
- Create, update, or delete an attribute.
- Get a list of active sessions.
- Disconnect an active session.