P-Lenel Onguard 2013

Lenel is a global leader in providing advanced security solutions and flexible integration solutions to organizations. The Onguard access control system provides badge access logs and helps track a person's badge swipe activity within an organization.

Author:

Maulin Dalal

Main Use Cases

Below are the main use cases for this package.

Use Case - Track Badge Access Activity

This use case covers the user stories listed below, which provide details about the badge access control system and track day-to-day badge access activity in an organization.
  • All Lenel Badge Access Events
  • Lenel Badge Access Denied Events
  • Lenel Badge Access Granted Events
  • Lenel Badge Access Granted But Entry Not Taken Events
  • Lenel Invalid Card Format Events
  • Lenel Multiple Denied Count Exceeded Events

Supported Log Sources

Here are the log source types supported by this package as delivered:

| Vendor | Product | Version(s) | Comments |
|---|---|---|---|
| LENEL | Onguard | 2013 | Requires Flex Connector |

Download Instructions

The latest P-Linux package can be downloaded from the ArcSight Marketplace.

Installation

Lenel Onguard2013 Flex Connector Installation.

The installation steps for the P-LenelOnguard2013 flex connector are described in PLenelOnguard2013FlexConnector.

Package Installation

Prerequisites

  • Ensure that Activate Base package version 2.5 or newer is installed.
  • ESM version 6.8 or above should be installed.
  • The flex connector should be configured appropriately.
  • The categorization file onguard2013.csv should be placed at the following path on the host where the flex connector is installed: /home/cif/CIF_FlexConnector/current/user/agent/acp/categorizer/current/lenel/onguard2013.csv

Note: If any folders in this path are missing, create them and assign them read, write and execute permissions.

Package Installation Procedure


1. Copy the P-Lenel_Onguard2013_v1002.bat file and the P-Lenel_Onguard2013_v1002.arb file to the "current" directory under the path where the ArcSight Console is installed, i.e. c:\arcsight\console\current


2. Open a command prompt and navigate to the "current" directory of your respective console.

3. Execute the P-LenelOnguard2013_v1102.bat file to install the package.


4. You will be prompted to enter the manager hostname, username and password. The password will be displayed in clear text.


5. Once the package installation is complete, an "Install complete" message appears in your command prompt.

6. After the update, your packages in ArcSight ESM will look like the screenshot to the right.

If you run into any issues, the errors will be displayed in the command prompt window.


7. You can now delete the following files from ARCSIGHT_HOME:
  • P-LenelOnguard2013_<version>.zip
  • P-LenelOnguard2013_<version>.arb

Package Uninstallation

Below are some steps to uninstall a package.

1. In the ArcSight ESM Console, navigate to the "Packages" tab and right-click the P-Lenel Onguard2013 package.
2. Click "Delete Package".
3. Click Delete.
4. Select "Delete Resources" and click "OK".
5. Click OK.
6. Click OK.
7. Navigate to the "Packages" tab in the ArcSight ESM Console and check that the package has been removed.

Activate Package Configuration

Product Package with L1 Indicators and Warnings Package

Physical Security

  1. Filter Configuration

The L1 Physical Security - Indicators and Warnings package has been tested end to end with the P-Lenel Onguard2013 package.

Below are the steps to configure the product package filter (Badge Access Denied Events) with the L1 Physical Security - Indicators and Warnings filters:

  1. Edit the filter "/All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied Events".
  2. By default, the condition is set to "False" for L1 - Badge Access Denied Events.
  3. Use the OR operator to select more than one filter from the same product or from multiple products.
  4. Click on the "Filters" tab.
  5. In this case, select the "Badge Access Denied Events" filter from the P LENEL Onguard2013 product package for the L1 - Physical Security Indicators and Warnings package filter "Badge Access Denied Events", and click OK.

  • The rule "Badge Access Denied on Multiple Doors" in L1 Physical Security Indicators and Warnings will be applied to the customized filters without any further configuration changes.

  • A similar procedure can be followed for all the other L1 Physical Security Indicators and Warnings filters.
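
The effect of the filter configuration above, as an added example that is not part of the package or of ArcSight: a small Python model showing why the L1 filter matches nothing while its condition is "False", and what a rule built on it sees once product filters are ORed in. The event fields, the second product filter and the two-door threshold are assumptions; the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample badge events; field names and values are assumptions,
# not the swipe.csv layout or ArcSight's event schema.
EVENTS = [
    {"vendor": "LENEL", "badge": "1001", "door": "Lobby", "outcome": "denied"},
    {"vendor": "LENEL", "badge": "1001", "door": "Server Room", "outcome": "denied"},
    {"vendor": "LENEL", "badge": "1001", "door": "Lobby", "outcome": "denied"},
    {"vendor": "LENEL", "badge": "1002", "door": "Lobby", "outcome": "denied"},
    {"vendor": "LENEL", "badge": "1003", "door": "Lobby", "outcome": "granted"},
    {"vendor": "OtherVendor", "badge": "2001", "door": "Dock", "outcome": "denied"},
    {"vendor": "OtherVendor", "badge": "2001", "door": "Lab", "outcome": "denied"},
]

def lenel_badge_access_denied(event):
    """Stand-in for the product filter 'Lenel Badge Access Denied Events'."""
    return event["vendor"] == "LENEL" and event["outcome"] == "denied"

def other_vendor_badge_access_denied(event):
    """Hypothetical second product filter, to show OR across products."""
    return event["vendor"] == "OtherVendor" and event["outcome"] == "denied"

def l1_badge_access_denied(product_filters=()):
    """Model of the L1 'Badge Access Denied Events' filter.

    With nothing selected the condition is False (any() of nothing);
    each product filter added is combined with OR.
    """
    return lambda event: any(f(event) for f in product_filters)

def denied_on_multiple_doors(events, l1_filter, min_doors=2):
    """Badges denied at min_doors or more distinct doors (assumed threshold)."""
    doors = defaultdict(set)
    for event in events:
        if l1_filter(event):
            doors[event["badge"]].add(event["door"])
    return {b: sorted(d) for b, d in doors.items() if len(d) >= min_doors}

if __name__ == "__main__":
    for label, filters in [
        ("default (False)", ()),
        ("Lenel filter only", (lenel_badge_access_denied,)),
        ("Lenel OR other product", (lenel_badge_access_denied,
                                    other_vendor_badge_access_denied)),
    ]:
        print(label, denied_on_multiple_doors(EVENTS, l1_badge_access_denied(filters)))
```

An L1 filter left at its default is a silent detection gap: the rule is deployed but never sees an event, so confirming that each L1 filter references its product filter is worth a check after installation.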

  2. List of filters that need to be configured with the filters in the L1 Physical Security - Indicators and Warnings package:

| Filters | URI: L1 Physical Security | URI: P LENEL Onguard2013 |
|---|---|---|
| All Badge Access Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/All Badge Events | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/All Lenel Badge Access Events |
| Badge Access Denied Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Denied Events | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/Lenel Badge Access Denied Events |
| Badge Access Granted Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted Events | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/Lenel Badge Access Granted Events |
| Badge Rejected at Same Door | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Rejected at Same Door | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/Lenel Multiple Denied Count Exceeded Events |
| Invalid Card Format Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Invalid Card Format Events | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/Lenel Invalid Card Format Events |
| Badge Access Granted but No Entry Taken Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Indicators and Warnings/Badge Access Granted but Entry Not Taken Events | /All Filters/ArcSight Activate/Core/Product Filters/P LENEL Onguard2013/Lenel Badge Access Granted but Entry Not Taken Events |

Resources

Below is the list of resources included in this package:

| Resource Name | Path | Description |
|---|---|---|
| All Lenel Badge Access Events | /All Filters/ArcSight Activate/Solutions/Physical Security/All Lenel Badge Access Events | This filter identifies all the Lenel Onguard2013 Badge Access events. |
| Lenel Badge Access Denied Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Lenel Badge Access Denied Events | This filter identifies all the Lenel Badge Access Denied events. |
| Lenel Badge Access Granted Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Lenel Badge Access Granted Events | The filter identifies all the events generated for the Badge Access Granted successfully. |
| Lenel Invalid Card Format Event | /All Filters/ArcSight Activate/Solutions/Physical Security/Lenel Invalid Card Format Event | The filter identifies events generated for an Invalid Card Format. |
| Lenel Badge Access Granted But Entry Not Taken Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Lenel Badge Access Granted But Entry Not Taken Events | The filter identifies all the events generated for the Badge Access Granted but no entry taken. |
| Lenel Multiple Denied Count Exceeded Events | /All Filters/ArcSight Activate/Solutions/Physical Security/Lenel Multiple Denied Count Exceeded Events | The filter identifies events generated for multiple Badge Access Denied count exceeded events. |

Topic attachments

| Attachment | Size | Date | Who | Comment |
|---|---|---|---|---|
| swipe.csv | 26.8 K | 13 Oct 2017 - 22:13 | SeemaKhan | Sample events csv format |

Topic revision: r18 - 13 Oct 2017, SeemaKhan


 

