...

SafeNet Authentication Service (SAS) is an enterprise-class authentication server designed to extend authentication services to users in a single organization or across an unlimited number of entities. These entities can be almost anything, from divisions or cost centers within a company, to subsidiaries or completely independent organizations. Its multi-tier, multi-tenant structure accommodates just about any hierarchy, reporting structure, business structure, security segregation, or other delineation.

Device Information

| Entity | Particulars |
| --- | --- |
| Vendor Name | Thales (Gemalto) |
| Product Name | SafeNet Authentication Service (SAS) PCE |
| Type of Device | Hosted |

Collection Method

| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method |
| --- | --- | --- | --- |
| Thales MFA | THALES_MFA | Syslog - CEF | CyberHub |

Port Requirements

| Source | Destination | Port |
| --- | --- | --- |
| Thales (Gemalto) SafeNet Authentication Service (SAS) PCE | CyberHub | 514 (UDP) |

Device Configuration

SafeNet Authentication Service (SAS) logs are generated on the service providers’ servers. The SafeNet Agent for Remote Logging sends the information displayed in the SafeNet Authentication Service Manager window together with Operator Activity information to a configured Syslog Server.

...

  • SAS Manager should be installed and configured on the machine.

  • SafeNet Agent for Remote Logging should be installed.

To configure the SafeNet Remote Logging Agent:

  1. To configure the agent, click Start > All Programs > SafeNet > Agents > Logging Agent. The SafeNet Authentication Service Logging Agent is displayed.

  2. Under Current Organization, click Add. Browse to the location of the LoggingAgentConfigFile.bmc and load the file. This file will be available once you configure SAS Manager.

  3. The Current Organization section will update to show information about your Virtual Server.

...

  1. Click the Configuration tab.

  2. From the Message Type list, select one of the following:
    • Authentication Message
    • Operator Authentication Message

You can select only one message type at a time. Complete the configuration for the first message type, then select the second message type and repeat the process.

...

  1. From the Configuration > Send To list, select Syslog.

  2. To configure Syslog, do the following:
    a. In the Primary field, enter the IP:Port of the Syslog server in the format [CYBERHUB_IP:514].
    b. In the Secondary field, keep it blank.
    c. For Format, choose ArcSight.
    d. Click Apply.

...

The Secondary field will be auto-populated with a value if left blank. Regardless, keep it blank.

...


Once the configuration is saved, under Service Status, click Start. Also, after any change made in SAS Manager or the Remote Logging Agent, you must restart the Remote Logging Agent for the change to take effect.
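To confirm on the receiving side that the agent is sending CEF (the ArcSight format selected in the procedure above), the payload of a datagram received on UDP 514 can be parsed as in the following added example. It is not part of the vendor or CyberHub documentation; the function names are hypothetical, and the sample datagram and every field value in it are constructed placeholders.

```python
import re

# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")  # start of a key=value pair

def _split_header(body, n):
    """Split off n header fields on unescaped '|', unescaping \\| and \\\\."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    return parts, body[i:]

def _parse_extension(ext):
    """Values run until the next ' key='; \\= and \\\\ inside values are unescaped."""
    out, hits = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end(): nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw).strip()
    return out

def parse_cef_syslog(datagram: bytes) -> dict:
    """Parse one syslog datagram payload carrying a CEF event."""
    text = datagram.decode("utf-8", errors="replace").strip()
    start = text.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header; check that Format is set to ArcSight")
    parts, ext = _split_header(text[start + 4:], len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER_FIELDS, parts))
    event["syslog_prefix"] = text[:start].strip()
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample: all header and extension values are placeholders, not real SAS output.
SAMPLE = (b"<134>Jan 01 00:00:00 sas-host CEF:0|ExampleVendor|Example\\|Product|1.0|100|"
          b"Authentication Message|5|suser=alice src=192.0.2.10 msg=result\\=success for token")
```

A `ValueError` from `parse_cef_syslog` on received traffic indicates that the payload is not CEF or that the header was cut off in transit.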

...

Parameters required from customer for Integration.

| Property | Default Value | Description |
| --- | --- | --- |
| IP Address | Thales (Gemalto) SafeNet Authentication Service (SAS) PCE interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |