Documentation Center
AlienVault® USM Anywhere™

Trustwave Secure Web Gateway

When you configure Trustwave Secure Web Gateway integration to send log data to USM Anywhere, you can use the Trustwave Secure Web Gateway plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Trustwave
Device type Unified threat management
Connection type syslog
Vendor link For information, see the Trustwave Secure Web Gateway v11 User Guide (pdf) on the vendor website.

Integrating Trustwave Secure Web Gateway

Before you configure the integration, you must have the IP Address of the USM AnywhereUSM Appliance Sensor.

To configure Trustwave Secure Web Gateway to forward log data to USM Anywhere

  1. In the Syslog Target tab of the Log Properties screen, using the top set of entry fields on a Facility line, beginning with Facility1 to define a facility.

    Note: You must do this for each of the following for each message type, System Log, Scanner, and/or Audit, that you plan to send to USM Anywhere.

    1. In the Facility Mode field, select a mode label, and use this label to differentiate Trustwave logs from each other and from other platforms’ logs on the remote syslog server.
    2. In the Primary IP field, specify the USM Anywhere sensor IP address. 
    3. In the Primary Port field, specify 514. 
  2. In the bottom set of entry fields, select the checkbox associated with each message type you want to send to syslog, then select the facility that you defined for it.

Plugin Enablement

For plugin enablement information, see Manual Plugin Management.

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • access_control_outcome

  • customfield_0 → Changes commited

  • customfield_1 → View

  • customfield_2 → Update

  • destination_address

  • destination_hostname

  • destination_username

  • event_action

  • event_name

  • event_outcome

  • event_type

  • policy

  • rep_device_hostname

  • timestamp_occured

  • transport_protocol

Troubleshooting

For troubleshooting, refer to the vendor documentation:

Trustwave Secure Web Gateway v11 User Guide