Sidewinder
IBM® QRadar® Risk Manager supports McAfee Enterprise Firewall (Sidewinder) appliances that run SecureOS.
- Static NAT
- Static routing
- Telnet and SSH connection protocols
The Sidewinder adapter interacts with the CLI-based McAfee operating system (SecureOS) over Telnet or SSH.
The Sidewinder adapter has the following limitations:
- Only Layer 3 firewall policies are supported because the Layer 7 policies that use Sidewinder application defenses are unsupported.
- Identity-based, geography-based, and IPv6 policies are dropped, because these policies are unsupported by QRadar Risk Manager.
The integration requirements for the Sidewinder adapter are described in the following table:
Integration Requirement | Description |
---|---|
Supported versions | 8.3.2 |
Minimum user access level | admin. The admin user access level is required to retrieve predefined services information from the database by using the cf appdb list verbose=on command. |
SNMP discovery | No |
Required credential parameters | Username; Password |
Supported connection protocols | Use any one of the following supported connection protocols: SSH; Telnet |
Commands that the adapter requires to log in and collect data | hostname; uname -r; uptime; cf license q; cf route status; cf ipaddr q; cf iprange q; cf subnet q; cf domain q; Use "dig $address +noall +answer" for each domain output from: cf domain q; cf host q; cf netmap q; cf netgroup q; cf appdb list verbose=on; cf application q; cf appgroup q; cf policy q; cf interface q; cf zone q |
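
Because the adapter account needs the admin access level, it is worth checking that the account only ever runs the commands listed in the table. The following is an added example, not IBM code: it audits a command trail against that list. The `timestamp|user|command` record format, the account name `qrm_adapter`, and the rule that `$address` must be a plain DNS name are assumptions made for illustration.

```python
import re

# Commands the table lists for adapter login and data collection.
ALLOWED = {
    "hostname", "uname -r", "uptime", "cf license q", "cf route status",
    "cf ipaddr q", "cf iprange q", "cf subnet q", "cf domain q", "cf host q",
    "cf netmap q", "cf netgroup q", "cf appdb list verbose=on",
    "cf application q", "cf appgroup q", "cf policy q", "cf interface q",
    "cf zone q",
}

# 'dig $address +noall +answer': accept only a plain DNS name as $address
# (assumption), so trailing or chained text after the name is flagged.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DIG = re.compile(rf"dig {LABEL}(?:\.{LABEL})*\.? \+noall \+answer")


def is_expected(command):
    """True if the command is one the adapter is documented to run."""
    cmd = " ".join(command.split())  # collapse repeated whitespace
    return cmd in ALLOWED or DIG.fullmatch(cmd) is not None


def parse(line):
    """Split one 'timestamp|user|command' record (constructed format)."""
    ts, user, cmd = line.split("|", 2)
    return ts.strip(), user.strip(), cmd.strip()


def audit(text, account):
    """Return (timestamp, command) pairs run by `account` outside the list."""
    records = (parse(l) for l in text.splitlines() if l.strip())
    return [(ts, cmd) for ts, user, cmd in records
            if user == account and not is_expected(cmd)]


# Constructed sample trail; 'qrm_adapter' is a hypothetical account name.
SAMPLE = """\
2024-05-01T02:00:01Z|qrm_adapter|hostname
2024-05-01T02:00:02Z|qrm_adapter|cf appdb list verbose=on
2024-05-01T02:00:03Z|qrm_adapter|dig example.com +noall +answer
2024-05-01T02:00:04Z|qrm_adapter|dig example.com +noall +answer; uptime
2024-05-01T02:00:05Z|qrm_adapter|ls /tmp
2024-05-01T02:00:06Z|operator1|ls /tmp
"""

if __name__ == "__main__":
    for ts, cmd in audit(SAMPLE, "qrm_adapter"):
        print(f"{ts} unexpected command from adapter account: {cmd}")
```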