Accenture MDR Quick Start Guide for Semperis Directory Services Protector

This quick start guide will help Accenture MDR customers configure Semperis Directory Services Protector to send logs to the Log Collection Platform (LCP).

This document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal.

Port Requirements

Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|---|---|---|---|
| DSP Management | LCP | 6514 (Secure_TCP) | Default port |


Configuring Semperis Directory Services Protector

  1. Go to the Settings page by clicking the settings icon in the bottom-left corner.

  2. Click SIEM Integration.

  3. Primary Syslog Server: Provide the LCP IP/hostname.

  4. Primary Port: 6514

  5. Click the Use TLS toggle to switch the value to Yes.

  6. Client Certificate for Secure Two-Way Communication: Please reach out to the Accenture MxDR team for certificate details.

  7. Polling Frequency: Provide how often (in seconds) the syslog is to poll DSP for new events.
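To confirm the values from steps 3 through 6 before relying on the integration, the TLS handshake to the LCP can be tested from the DSP management server. The script below is an added example, not part of the Accenture or Semperis documentation. It assumes a Windows host with PowerShell 5 or later and a client certificate delivered as a PFX file; the parameter names are hypothetical.

```powershell
# Added example: handshake check against the LCP listener configured in steps 3-6.
# Parameter names and the PFX format are assumptions, not values from the guide.
param(
    [Parameter(Mandatory)][string]$LcpHost,   # Primary Syslog Server (step 3)
    [int]$Port = 6514,                        # Primary Port (step 4, Table 1-1)
    [string]$ClientPfxPath                    # client certificate from the MxDR team (step 6)
)
$ErrorActionPreference = 'Stop'

# Load the client certificate; prompt for the PFX password instead of hard-coding it.
$clientCerts = [System.Security.Cryptography.X509Certificates.X509CertificateCollection]::new()
if ($ClientPfxPath) {
    $pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
    $clientCert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path $ClientPfxPath).Path, $pfxPassword)
    [void]$clientCerts.Add($clientCert)
}

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($LcpHost, $Port)             # fails here if the port is filtered or closed
    # No validation callback is passed, so the default policy applies: the LCP
    # certificate must chain to a trusted root and match $LcpHost.
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    try {
        # TLS 1.2 is requested explicitly; revocation checking is off because a
        # private CA's CRL may not be reachable from this host.
        $ssl.AuthenticateAsClient($LcpHost, $clientCerts,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $server = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
        [pscustomobject]@{
            Target                = "${LcpHost}:$Port"
            Protocol              = $ssl.SslProtocol
            ServerSubject         = $server.Subject
            ServerIssuer          = $server.Issuer
            ServerCertExpires     = $server.NotAfter
            MutuallyAuthenticated = $ssl.IsMutuallyAuthenticated
        }
    }
    finally { $ssl.Dispose() }
}
finally { $tcp.Dispose() }
```

MutuallyAuthenticated is True only when both sides presented a certificate, which is what the two-way setting in step 6 depends on. An exception from AuthenticateAsClient usually points to an untrusted LCP certificate, a hostname mismatch, or a rejected client certificate.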


Use the Change Event Filtering pane on the Settings > SIEM Integration page to specify the change events to be sent to the monitoring system.

To specify the change events to be forwarded, enter the following information:

  • Attributes: Use the first drop-down to specify whether an attribute is to be included or excluded. Use the second drop-down to select one or more attributes to be included or excluded. Including or excluding attributes filters the logs that are forwarded. MxDR recommends leaving this blank; all logs are supported.

  • Classes: Use the first drop-down to specify whether a class is to be included or excluded. Use the second drop-down to select one or more classes to be included or excluded. Including or excluding classes filters the logs that are forwarded. MxDR recommends leaving this blank; all logs are supported.

  • Operations: Use the drop-down to select one or more operations. Please leave this blank; all types of operation logging are supported.

  • AD Changed Items: Enable this toggle to send the AD change events to the syslog server.

  • Partitions: Use the drop-down to select the partitions from which change events are to be forwarded.

  • DNS: Enable this toggle to send DNS change events to the syslog server.

  • Send Operations Log to SysLog: Enable this toggle to send the DSP operation log to the Syslog server.

LCP Configuration Parameters

Table 1-2: The Semperis Directory Services Protector event collector (Syslog -3984) properties to be configured by Accenture are given in the table.

| Property | Default Value | Description |
|---|---|---|
| Protocol | Secure_TCP | The collector can accept Broadcom Edge Secure Web Gateway logs in Secure TCP protocol. The collector can also accept logs in TCP and UDP. |
| Host Names/IP Addresses | * | Hostname/Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact your onboarding team. |
| Signatures | Semperis.DSP | MDR recommended signatures processed by the Broadcom Edge Secure Web Gateway event collector. |
| Port Number | 6514 | The default port for Secure TCP. For TCP, the default port is 601 and for UDP, the default port is 514. |


Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.