  • 1.  Sending TSS msgs to Splunk

    Posted Apr 30, 2018 03:15 PM

    Anyone sending TSS violation messages or SMF type 80 records to Splunk? 

    If so, how are the messages being sent?



  • 2.  Re: Sending TSS msgs to Splunk

    Posted May 01, 2018 03:38 PM

    Hello Fred,


    CA Top Secret (TSS) does not have the ability to send violation messages directly to Splunk out of the box, but using CA Compliance Event Manager (CEM), you can.


    CA CEM has comprehensive policy capabilities related to sending security events to Splunk in Syslog or other formats.


    Some event types that can be sent to Splunk are Sign on success/violations (VERIFY), Object access success/violations (AUTH), Admin success/violations (TSS commands), etc.

    For a complete list of the events and filtering capabilities of CA CEM, please see docops.ca.com and, in the ‘Select a product list’ drop-down, select CA Compliance Event Manager.

    I believe your site already licenses CA CEM. If you have any follow-up questions, I’d be happy to set up a conference call to review.

    Also, there is a CA Partner Portal that identifies other third-party software options that augment the capabilities provided by CA TSS and CA CEM.


    Thank you,

    Mitchell Rozonkiewiecz

    Sr Principal Architect

    CA Compliance Event Manager



  • 3.  Re: Sending TSS msgs to Splunk

    Posted May 02, 2018 10:25 AM

    Thank you, Mitchell. That is good to hear about CA-CEM; we purchased it for other requirements, but now the Splunk feature is the top requirement.



  • 4.  Re: Sending TSS msgs to Splunk

    Posted May 02, 2018 12:42 PM

    I should have also mentioned that CA Compliance Event Manager (CEM) is not CA Top Secret specific. CA CEM works with all 3 external security managers: CA ACF2, CA Top Secret and IBM RACF. It normalizes the actions (email, WTO, SIEM, etc.) into a common format for all 3 external security managers. Sample Syslog-formatted output to Splunk is also provided with CA CEM that can be used as is or modified as desired.

    Thank you,

    Mitchell Rozonkiewiecz

    Sr Principal Architect

    CA Compliance Event Manager