1 unstable release

0.0.2 Apr 24, 2021

#17 in #siem

MIT license

93KB
330 lines

uSIEM PulseSecure

PulseSecure parser for uSIEM

Tested on the virtual appliance 9.1R10 (build 10119) in AWS. The appliance is easy to deploy; follow the AWS deployment guide: https://www-prev.pulsesecure.net/download/techpubs/current/1221/pulse-connect-secure/pcs/9.0rx/ps-pcs-9.0r1-aws-deployment-guide.pdf

Event ID list

Login succeeded: AUT31504
Login succeeded: ADM22668
Login failed: AUT23457
Session timed out: AUT22886
Primary authentication successful: AUT24326
Primary authentication successful: AUT30684
Primary authentication failed: AUT24327
Password change failed: USR24630
User account modified: USR22898
User accounts modified: ADM20716
Super admin session created using token: ADM23452
Admin token is created for administrative logon recovery: ADM24511
Changed log event LicenseServer: ADM20603
Logon: AUT24803
Update: AUT23524
Logout: AUT22673
Logout: ADM22671
Concurrent connection limit: AUT31085

Dependencies

~3–4.5MB
~70K SLoC