SpiderLabs Blog

New Device Module (DM) update for Trustwave SIEM 1.2.1 now available

Trustwave's most recent Device Module (DM), DM-22, is now available to customers in the TrustKeeper portal file library. DM-22 adds support for new devices, updated parsing and normalization for some devices and other content for Trustwave SIEM software version 1.2.1.

Read on for more details about what's new.

New Device Support

DM-22 adds support for the following devices:

  • ACI Worldwide PRM
  • Aloha Configuration Center
  • Amazon CloudTrail
  • Trustwave DbProtect
  • EMC Centera
  • McAfee Stonesoft NGN
  • Microsoft Windows Non-Security Logs 2000-2008 – EM/Snare/Splunk/Balabit/Lasso/Datagram
  • Microsoft Windows Security Log 2008 - WinCollect
  • Sophos Cyberoam UTM Firewall
  • Trustwave Antivirus

Enhanced Device Support

DM-22 enhances parsing or normalization for the following supported devices:

  • Aloha POS
  • Avaya WLAN
  • Barracuda Spam and Virus Firewall
  • Blue Coat ProxySG
  • ACI Worldwide PRM
  • Brocade Switch
  • Check Point Firewall
  • Cisco ACE
  • Cisco ASA/PIX
  • Cisco IDS
  • Cisco ISE
  • Cisco NAM
  • Cisco Nexus/MDS/UCS
  • Cisco Secure ACS Windows
  • Cisco Unified Communications
  • Citrix NetScaler
  • Enterasys Dragon – Alarmtool Syslog
  • Fidelis XPS
  • FireEye MPS
  • Fortinet FortiGate
  • Generic Unix Syslog
  • GTA Firewall
  • IBM iSeries – PowerTech Interact Syslog
  • IBM Proventia Management SiteProtector
  • Juniper NetScreen IDP
  • Juniper NetScreen/ISG/SSG
  • Juniper SSL VPN
  • McAfee ePO
  • Microsoft Exchange Server
  • Microsoft Forefront Threat Management Gateway 2010
  • Microsoft IIS
  • Microsoft Sharepoint
  • Microsoft UAG
  • Microsoft Windows Non-Security Logs 2000-2008 – EM/Snare/Splunk/Lasso/Datagram
  • Microsoft Windows Security Log 2008
  • Mod Security
  • NetApp Storage
  • Netfilter IPTables
  • OpenVPN
  • Oracle Audit Trail
  • Palo Alto Networks Firewall
  • Postfix
  • Samba
  • Secure Computing Sidewinder G2
  • Snort
  • SonicWALL SonicOS
  • Sophos UTM
  • Sourcefire – 3D
  • Squid Proxy
  • Sun Directory Server
  • Sybase ASE Audit
  • Symantec Endpoint Protection
  • Trend Micro Deep Security
  • Trend Micro IWSS
  • Trustwave FIM
  • Trustwave IVS
  • Trustwave SWG
  • Trustwave TrustOS
  • Trustwave WAF
  • Unix Clustering
  • VMware ESX
  • WatchGuard Firebox
  • Websense Web Security

New/Updated Reports and Notifications

The following content has been added or updated within DM-22:

  • New Reports
    • Data Source Status for Selected Detectors
    • FIM Activity
  • Updated Notifications
    • Host Found by Any Device
    • Specified Event Type List, specified Acting User List, specified Target User List, specified Detector List, and specified string(s) found or excluded via a specific device

How to Update?

DM-22 requires DM-21 and SP-20, which are also available in the TrustKeeper portal file library. For TrustKeeper portal access to the DM, please contact the SIEM Technical Assistance Team at SIEMTACSupport@trustwave.com.

Once you download the package, install it via the 'support package upload' function located at Admin -> System Management -> File Manager. For more detailed instructions, please see the 'Trustwave SIEM 1.2.1 DM-22' release notes, also found in the file library.