ProxySG and Security Analytics Integration

Article ID: 168607

Products

Security Analytics, ProxySG Software - SGOS

Issue/Introduction

Is there a way to take the traffic that is going through the ProxySG and push it to a Security Analytics appliance?
 

Resolution

At the time of writing, there is no feature that allows the ProxySG to communicate directly with the Security Analytics appliance.

One way to meet this requirement is to mirror (SPAN) the ProxySG port(s) to the port(s) connected to the Security Analytics appliance. Refer to http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html for more information.

For intercepted SSL traffic, the ProxySG has the Encrypted Tap feature, which can send decrypted SSL traffic through the tap port(s).

Encrypted Tap streams decrypted data from intercepted HTTPS or STunnel SSL transactions on client connections. The tap runs simultaneously on the same ProxySG appliance that performs the Secure Web Gateway function. The data is presented in a format that can be understood by common network traffic analysis tools like Wireshark, common network intrusion detection systems such as Snort, and so on.
  • Encrypted Tap does not support VLAN.
  • MTU is fixed at 1500 bytes.
  • SSL protocol headers/records/details are not preserved.
  • Encrypted Tap is supported for forward proxy for STunnel and HTTPS, and for reverse proxy for HTTPS.