Juniper Pulse Secure Integration Guide
Juniper Pulse Secure should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions provided by Juniper in this article.
Firewall Requirements ⫘
Source | Destination | Port/Protocol |
---|---|---|
Juniper Management Interface | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integrations ⫘
Auth | DNS | HTTP | Netflow | NIDS | Process | Thirdparty | |
---|---|---|---|---|---|---|---|
PulseSecure VPN | D |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Logging Configuration Instructions ⫘
Configure syslog for events, user access, administrator access and client logs on your Pulse Secure device by following the instructions provided by Juniper in this article.
Consider the following requirements when completing the configuration steps:
- Events to Log — Select all types to log.
- Type — UDP
- Server name/IP — This is the IP address of the XDR Collector.
- Filter — Select Standard.
- Repeat the same process for user access, admin access, sensors, and client logs so that all categories are sent to the XDR Collector for processing.
Note
Juniper Pulse Secure events are normalized as Secureworks® Taegis™ XDR Sensor Type PulseSecure_SA
.