NetBackup 10.4 Standardizes Security Event Pushes to Common External Platforms Using the OCSF Schema
Standardizing on one digital disc format (the Philips Compact Disc standard) for audio, and later video, was key to the great leap forward the audio-video industry made in the 1980s. It spared audio vendors an ongoing battle between disc formats that would have created massive headaches for recording artists and disc manufacturers, and it paved the way for the digital video disc (DVD) technology that followed. NetBackup 10.4+ takes the same approach to pushing audit security events to external products and platforms. Using the OCSF message schema, 10.4+ can feed external security and monitoring products and platforms in one standardized format. The result is far fewer headaches and better security and reporting compliance for your IT staff.

OCSF (the Open Cybersecurity Schema Framework) is a big deal for the following reasons:

- Broad security partner integration potential: the OCSF project was initiated by a partnership between Splunk and AWS, building on the Integrated Cyber Defense (ICD) schema developed at Symantec, now part of Broadcom. There are now 15 additional members, including some of the biggest names in technology and cybersecurity: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.
- OCSF lets customers avoid vendor lock-in by using a widely supported format.

As a result, NetBackup 10.4+ users get the following benefits:

- Three push formats for audit events, of which only one can be active at a time: generic NetBackup, OCSF, and Microsoft Sentinel Advanced Security Information Model (ASIM).
- Pull formats are also available, in generic NetBackup and OCSF form, again with only one usable at a time.
- Security solutions that use the OCSF schema produce data in a consistent format while still capturing the full meaning and relevance of each audit event.
- OCSF simplifies the ingestion and exchange of data between security tools, which gives faster and more accurate threat detection and investigation.
- Security vendors and other data producers adopt and extend the OCSF schema for their specific domains.

Make your event monitoring and maintenance a big win by upgrading to NetBackup 10.4+ today.

DELL/EMC Isilon CEE time slice with Data Insight 6.1.X
Do any of the experts in this forum know if the suggested mechanism of utilizing multiple CEE servers from an Isilon array to increase throughput and performance would be detrimental to the Data Insight time slicing of events? I understand that configuring multiple CEE servers for an array would result in round-robin transmission of events from the array, but what I am wondering is, if all of the CEE servers had the same DI Collector endpoint configured, whether there would be any issue at the endpoint (SymantecDataconnector) putting them in time-slice order and capturing them to the correct MSU by path. Would there be any detriment to the DI application to be aware of? Thank you, Pix

EV Audit query question
Hi All, I am stuck in the middle of a situation, as described below. I'm planning to get results of "who & which" for deletion actions taken in EV Archiving. An example of the result I want to get: archive point yyyy deleted by user Aaaa. The query I tried is like this:

DECLARE @ArchiveId varchar(112)
DECLARE @StartDateTime datetime
DECLARE @EndDateTime datetime
SET @ArchiveId = '1B29F35DAA512AC47A64558FDF7A614571110000example.local'
SET @StartDateTime = '2017-10-05 08:27:48'
SET @EndDateTime = '2017-10-05 08:28:37'

-- Folders that belong to the selected archive
CREATE TABLE #ArchiveFolders (
    VaultEntryId varchar(112)
)
INSERT INTO #ArchiveFolders
SELECT VaultEntryId
FROM [EnterpriseVaultDirectory].[dbo].[ArchiveFolderView]
WHERE ArchiveVEID = @ArchiveId

-- Audit rows in the time window, joined to those folders on the Vault column
SELECT *
FROM [EnterpriseVaultAudit].[dbo].[EVAuditView] auditView
LEFT JOIN #ArchiveFolders archFolder ON archFolder.VaultEntryId = auditView.Vault
WHERE AuditDate BETWEEN @StartDateTime AND @EndDateTime
  AND CategoryName IN ('Search', 'Delete')
ORDER BY AuditID

DROP TABLE #ArchiveFolders

This query returns me the result of deleted items; however, the thing I want to combine with this result is "whose archive point". As explained above, the Vault column is generated, but the generated result is not giving us the correct archiving point. With this result it's quite hard to understand the deletion action taken. May I ask for your support to get the best result according to my request?

How to move all NetBackup logs to another server for auditing
Hello people, my company is centralizing all the operational transaction logs on a syslog server, and I need to direct all the logs generated by the NetBackup daily tasks to that server. Does anyone know how I perform this procedure?

Audit Search
Hi, we have been asked to search through multiple users' mailboxes for keywords. This is fine in Exchange, but not how I remember it in Vault. We are running V11 and I have not done this since maybe v8 or v9. First problem: I have no rights to the users' archives. Is there a quick way to add the EV admin user to have rights to all of the Mailbox Archives in EV? I don't want to have to struggle through hundreds of vaults adding in permissions. Next, is there a good way to search through a load (many, but not all) of mailbox vaults for certain keywords and export that information to PST, for example? I know I did this many years ago in an older version, but I'm not sure how now. Hopefully this will be something fairly common and will be easy to do. Many thanks in advance.
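An added example for the EV Audit query question earlier on this page; it is not code from that poster or from Veritas. It uses only the views and columns that question already shows (ArchiveFolderView.ArchiveVEID and VaultEntryId, EVAuditView.Vault, AuditDate, CategoryName and AuditID) and makes one change to the approach: the temp table carries ArchiveVEID next to each folder ID, so every audit row is labelled with the archive it belongs to instead of just the folder ID that EVAuditView.Vault holds. The single-archive filter is dropped so one run covers all archives, and the join is INNER so that audit rows whose Vault value is not a known folder are not returned silently (the original LEFT JOIN returns every audit row in the window whether or not it belongs to the selected archive). The name of the column that records the acting user is not shown on the page, so the example returns auditView.* rather than naming it.

```sql
-- Added example (not the poster's query): label each EV audit row with its archive.
-- Assumes only the views/columns used in the question: ArchiveFolderView(VaultEntryId,
-- ArchiveVEID) and EVAuditView(Vault, AuditDate, CategoryName, AuditID).
DECLARE @StartDateTime datetime = '2017-10-05 08:27:48';
DECLARE @EndDateTime   datetime = '2017-10-05 08:28:37';

-- Map every archive folder (what EVAuditView.Vault carries) back to its owning archive.
CREATE TABLE #FolderToArchive (
    VaultEntryId varchar(112) NOT NULL,
    ArchiveVEID  varchar(112) NOT NULL
);

INSERT INTO #FolderToArchive (VaultEntryId, ArchiveVEID)
SELECT VaultEntryId, ArchiveVEID
FROM [EnterpriseVaultDirectory].[dbo].[ArchiveFolderView];

-- The join key; helps when the audit view is large.
CREATE INDEX IX_FolderToArchive_VaultEntryId ON #FolderToArchive (VaultEntryId);

-- Every deletion in the window, tagged with the archive it was taken from.
-- INNER JOIN: rows whose Vault is not a known folder are excluded rather than
-- returned with a NULL archive; switch to LEFT JOIN if you want to see those too.
SELECT
    f.ArchiveVEID AS DeletedFromArchive,
    auditView.*
FROM [EnterpriseVaultAudit].[dbo].[EVAuditView] auditView
INNER JOIN #FolderToArchive f ON f.VaultEntryId = auditView.Vault
WHERE auditView.AuditDate BETWEEN @StartDateTime AND @EndDateTime
  AND auditView.CategoryName = 'Delete'
ORDER BY f.ArchiveVEID, auditView.AuditID;

-- Roll-up: number of deletions per archive in the same window, busiest first.
SELECT
    f.ArchiveVEID,
    COUNT(*) AS DeleteCount
FROM [EnterpriseVaultAudit].[dbo].[EVAuditView] auditView
INNER JOIN #FolderToArchive f ON f.VaultEntryId = auditView.Vault
WHERE auditView.AuditDate BETWEEN @StartDateTime AND @EndDateTime
  AND auditView.CategoryName = 'Delete'
GROUP BY f.ArchiveVEID
ORDER BY DeleteCount DESC;

DROP TABLE #FolderToArchive;
```

Only the 'Delete' category is kept because the question is about deletions; add 'Search' back to the filter if search activity should be reviewed alongside. Run this against a read-only copy or with a read-only login where possible, since the audit database is the evidence trail for who removed what and should not be modified by the investigation itself.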