HPE Aruba Networking

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

HPE Aruba ClearPass

✅

✅

hpe_aruba_clearpass_alerts

CSV

S3


Overview

HPE Aruba ClearPass is a powerful network access control (NAC) solution that provides secure, policy-based access for wired, wireless, and VPN networks. It enables organizations to authenticate, authorize, and enforce security policies for users and devices across diverse environments. With features like role-based access control, device profiling, and automated threat responses, ClearPass simplifies managing network security while enhancing visibility and compliance.

Supported data types

Aruba ClearPass

Table name: hpe_aruba_clearpass_alerts

HPE Aruba ClearPass alerts notify administrators of security events and policy violations within the network. These alerts provide critical information about unauthorized access attempts, suspicious activity, or endpoint compliance issues, enabling swift action to mitigate risks. They can be configured to trigger automated responses or integrate with third-party security tools for enhanced incident management.

Send data to Hunters

Hunters supports the collection of HPE Aruba Networking logs via an intermediary AWS S3 bucket.

To connect HPE Aruba Networking logs:

  1. Set up log forwarding from HPE Aruba Networking to a designated AWS S3 bucket.

  2. Once the export is completed and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in CSV format.

_TIME,ATTRIBUTES,COMMON_ALERTS,COMMON_ALERTS_PRESENT,COMMON_AUTH_TYPE,COMMON_CONNECTION_STATUS,COMMON_ENFORCEMENT_PROFILES,COMMON_ERROR_CODE,COMMON_HOST_MAC_ADDRESS,COMMON_LOGIN_STATUS,COMMON_NAS_IP_ADDRESS,COMMON_NAS_NAME,COMMON_NAS_PORT,COMMON_REQUEST_ID,COMMON_REQUEST_TIMESTAMP,COMMON_ROLES,COMMON_SERVICE,COMMON_SESSION_LOG_TIMESTAMP,COMMON_SOURCE,COMMON_SYSTEM_POSTURE_TOKEN,COMMON_USERNAME,CRIBL_PIPE,HOST,RADIUS_AUTH_METHOD,RADIUS_AUTH_SOURCE,SOURCE,SOURCETYPE,_RAW,EVENT_TIME,GENERATED_TIME
1707725749,,"Policy server: Failed to get value for attributes=[AccountStatus, Device Account Enabled, Device Role Name]",0,,Unknown,DUR-Access-Point-VL500,0,6cc49fc2a230,ACCEPT,10.55.244.254,H0863-SW1,1,R081fc508-06-65ca43a7,2024-02-12 08:13:27-08,"[Other], [User Authenticated]",VCA - Wired - MAC Auth - Wireless Vlan 500,2024-02-12 08:13:27.633-08,RADIUS,UNKNOWN,6cc49fc2a230,pip_vca_aruba_clear_pass_snowflake_prod,guestwifi.vca.com,MAC-AUTH,None,/opt/splunkforwarder/syslog/laissplogp01/aruba/clearpass/guestwifi.vca.com/2024-02-12.log,aruba:clearpass,"""Feb 12 08:15:49 guestwifi.vca.com 2024-02-12 08:15:49,464 10.230.107.135 VCA-Syslog 367735390 1 0 Common.Username=\""6cc49fc2a230\"",Common.Service=\""VCA - Wired - MAC Auth - Wireless Vlan 500\"",Common.Roles=\""[Other], [User Authenticated]\"",RADIUS.Auth-Source=\""None\"",RADIUS.Auth-Method=\""MAC-AUTH\"",Common.System-Posture-Token=\""UNKNOWN\"",Common.Enforcement-Profiles=\""DUR-Access-Point-VL500\"",Common.Host-MAC-Address=\""6cc49fc2a230\"",Common.NAS-IP-Address=\""10.55.244.254\"",Common.Error-Code=\""0\"",Common.Alerts=\""Policy server: Failed to get value for attributes=[AccountStatus, Device Account Enabled, Device Role Name]\"",Common.Request-Timestamp=\""2024-02-12 08:13:27-08\"",Common.Alerts-Present=\""0\"",Common.Login-Status=\""ACCEPT\"",Common.NAS-Name=\""H0863-SW1\"",Common.NAS-Port=\""1\"",Common.Request-Id=\""R081fc508-06-65ca43a7\"",Common.Session-Log-Timestamp=\""2024-02-12 08:13:27.633-08\"",Common.Source=\""RADIUS\"",Common.Auth-Type=\""\"",Common.Connection-Status=Unknown""",2024-02-12T16:15:52.488Z,2024-02-12T08:15:49.000Z
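
A pre-upload check for the format above, as an added example that is not part of the Hunters documentation or product: it verifies the header, the per-row field count, and that the flattened columns agree with the pairs embedded in _RAW. The names `validate`, `constructed_row` and `to_csv` are hypothetical, the sample record is constructed, and the epoch-seconds and _RAW cross-checks are assumptions drawn from the sample row shown on this page.

```python
import csv, io, re

# Column order copied from the header line under "Expected format" on this page.
EXPECTED = (
    "_TIME,ATTRIBUTES,COMMON_ALERTS,COMMON_ALERTS_PRESENT,COMMON_AUTH_TYPE,"
    "COMMON_CONNECTION_STATUS,COMMON_ENFORCEMENT_PROFILES,COMMON_ERROR_CODE,"
    "COMMON_HOST_MAC_ADDRESS,COMMON_LOGIN_STATUS,COMMON_NAS_IP_ADDRESS,"
    "COMMON_NAS_NAME,COMMON_NAS_PORT,COMMON_REQUEST_ID,COMMON_REQUEST_TIMESTAMP,"
    "COMMON_ROLES,COMMON_SERVICE,COMMON_SESSION_LOG_TIMESTAMP,COMMON_SOURCE,"
    "COMMON_SYSTEM_POSTURE_TOKEN,COMMON_USERNAME,CRIBL_PIPE,HOST,"
    "RADIUS_AUTH_METHOD,RADIUS_AUTH_SOURCE,SOURCE,SOURCETYPE,_RAW,EVENT_TIME,"
    "GENERATED_TIME"
).split(",")
RAW_PAIR = re.compile(r'([A-Za-z]+\.[A-Za-z-]+)=\\"(.*?)\\"')  # Common.Username=\"value\"

def validate(csv_text):
    """Return a list of problems; an empty list means the export matches the format."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if not rows or rows[0] != EXPECTED:
        return ["header does not match the expected column list"]
    problems = []
    for n, fields in enumerate(rows[1:], start=2):
        if len(fields) != len(EXPECTED):
            # Typical cause: a comma in COMMON_ALERTS, COMMON_ROLES or _RAW left unquoted.
            problems.append(f"row {n}: {len(fields)} fields, expected {len(EXPECTED)}")
            continue
        rec = dict(zip(EXPECTED, fields))
        if not rec["_TIME"].isdigit():  # assumption: epoch seconds, as in the page's sample
            problems.append(f"row {n}: _TIME is not epoch seconds")
        for key, value in RAW_PAIR.findall(rec["_RAW"]):
            col = key.upper().replace(".", "_").replace("-", "_")
            if col in rec and rec[col] != value:  # flattened column drifted from _RAW
                problems.append(f"row {n}: {col} disagrees with _RAW")
    return problems

def constructed_row(**overrides):
    """Constructed sample record (not real data) as a list of 30 field values."""
    rec = dict.fromkeys(EXPECTED, "")
    rec.update(_TIME="1700000000", COMMON_USERNAME="aabbccddeeff",
               COMMON_ROLES="[Other], [User Authenticated]",
               _RAW='"host Common.Username=\\"aabbccddeeff\\",'
                    'Common.Roles=\\"[Other], [User Authenticated]\\""')
    rec.update(overrides)
    return [rec[c] for c in EXPECTED]

def to_csv(rows):  # standard CSV quoting: commas quoted, inner quotes doubled
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([EXPECTED, *rows])
    return buf.getvalue()
```

Running `validate` on an object before it lands in the bucket catches exports where a comma inside COMMON_ALERTS, COMMON_ROLES or _RAW was written without quoting, which shifts every later column.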