1 unstable release
0.0.2 | Apr 24, 2021 |
---|
#17 in #siem
93KB
330 lines
uSIEM PulseSecure
PulseSecure parser for uSIEM
Tested in virtual appliance 9.1R10 (build 10119)
in AWS.
Easy to deploy, follow https://www-prev.pulsesecure.net/download/techpubs/current/1221/pulse-connect-secure/pcs/9.0rx/ps-pcs-9.0r1-aws-deployment-guide.pdf
Event ID list
Login succeded: AUT31504 Login succeded: ADM22668 Login failed: AUT23457 Session timed out: AUT22886 Primary authentication successful: AUT24326 Primary authentication successful: AUT30684 Primary authentication failed: AUT24327 Password change failed: USR24630 User account modified: USR22898 User accounts modified: ADM20716 Super admin session created using token: ADM23452 Admin token is created for administrative logon recovery: ADM24511 Changed log event LicenseServer: ADM20603 Logon: AUT24803 Update: AUT23524 Logout: AUT22673 Logout: ADM22671 Concurrent connection limit: AUT31085
Dependencies
~3–4.5MB
~70K SLoC