Today, 5 December 2016, we’ve released our MTD v3.6.1 software, just in time for the celebration of the Dutch holiday, Sinterklaas. This release is the first following our multi-tenancy release, v3.6.0, and adds a huge number of features and improvements. In this post, I’d like to elaborate on its most-wanted feature: CEF.
CEF stands for ‘Common Event Format’. It is a log message format, originally defined by ArcSight and normally carried as the payload of a Syslog message, that has been adopted by a large number of major players in the security market. It was designed as an interoperable standard for exchanging information about events: a fixed, pipe-delimited header (vendor, product, version, event class, name, severity) followed by an extension of key=value pairs. By implementing CEF, vendors agree on one standardised message format, instead of having to agree on a custom format for every separate partnership or integration.
Support for CEF in the MTD brings a powerful mechanism for integration with third-party systems. Think of firewalls, for example, or more importantly: SIEMs. All major SIEMs can ingest CEF. Hooking up your SIEM to the RedSocks MTD has therefore become a piece of cake: point the MTD’s Syslog output at your SIEM’s Syslog listener, tell the SIEM to expect CEF-formatted messages, and its built-in CEF parser takes care of the rest.
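To make the format concrete, the following is an added example written for this post; it is not RedSocks MTD code and does not reproduce the MTD’s own header values. It parses the CEF header and extension, including the spec’s escaping rules (`\|` and `\\` in the header, `\=`, `\\`, `\n` and `\r` in extension values), skips any Syslog prefix in front of the `CEF:` marker, and runs a simple severity filter over two constructed sample lines that use a fictitious vendor and product name.

```python
"""Minimal CEF (Common Event Format) parser: an added example for this post,
not RedSocks MTD code. The sample lines are constructed and use a fictitious
vendor/product rather than the MTD's real header values."""
import re
from dataclasses import dataclass, field

# Escape handling from the CEF spec: '|' and '\' are escaped in the header,
# '=' and '\' in extension values; '\n' / '\r' encode line breaks in values.
_HEADER_UNESCAPE = {"|": "|", "\\": "\\"}
_EXT_UNESCAPE = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

# Extension = key=value pairs separated by whitespace. Values may contain
# spaces, so a value ends only where the next 'key=' token begins (or at the
# end of the string). Keys never contain whitespace, '=' or '\'.
_EXT_RE = re.compile(
    r"(?P<key>[^\s=\\]+)=(?P<val>(?:\\.|[^\\])*?)(?=\s+[^\s=\\]+=|\s*$)", re.S)

# CEF severity is 0-10 or one of the words Low/Medium/High/Very-High.
_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    event_class_id: str
    name: str
    severity: str
    extension: dict = field(default_factory=dict)


def _split_header(body: str):
    """Split on unescaped '|' into the 7 header fields; return them plus the
    remaining extension text (which may be empty)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] in _HEADER_UNESCAPE:
            buf.append(_HEADER_UNESCAPE[body[i + 1]])
            i += 2
        elif c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(fields) == 6:          # severity was the last field, no extension
        fields.append("".join(buf))
    if len(fields) < 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    return fields, body[i:]


def _unescape_ext(value: str) -> str:
    return re.sub(r"\\(.)",
                  lambda m: _EXT_UNESCAPE.get(m.group(1), m.group(0)),
                  value, flags=re.S)


def parse_cef(line: str) -> CefEvent:
    """Parse one Syslog line carrying a CEF payload. Anything before the
    'CEF:' marker (PRI, timestamp, hostname) is skipped."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    body = line[start + len("CEF:"):].rstrip("\r\n")
    fields, ext_text = _split_header(body)
    extension = {m.group("key"): _unescape_ext(m.group("val"))
                 for m in _EXT_RE.finditer(ext_text)}
    return CefEvent(*fields, extension=extension)


def severity_score(ev: CefEvent) -> int:
    """Normalise numeric and word severities onto the 0-10 scale."""
    s = ev.severity.strip().lower()
    return int(s) if s.isdigit() else _SEVERITY_WORDS[s]


def alerts_at_or_above(lines, min_severity: int):
    """The kind of filter a SIEM rule applies: keep events at/above a level."""
    events = (parse_cef(l) for l in lines if "CEF:" in l)
    return [ev for ev in events if severity_score(ev) >= min_severity]


# Constructed sample input (fictitious vendor/product, not MTD output).
SAMPLE_LINES = [
    "<134>Dec  5 11:42:07 sensor01 CEF:0|ExampleVendor|ExampleSensor|1.0|100|"
    "Suspicious outbound connection|7|src=10.0.0.5 spt=51234 dst=203.0.113.10 "
    "dpt=443 proto=TCP msg=Beacon to known C2 host cs1Label=Matched rule "
    "cs1=outbound\\=beacon",
    "CEF:0|ExampleVendor|ExampleSensor|1.0|200|Policy hit (rule A\\|B)|3|act=block",
]

if __name__ == "__main__":
    for ev in alerts_at_or_above(SAMPLE_LINES, 5):
        print(ev.event_class_id, ev.name, severity_score(ev), ev.extension)
```

The extension regex is the part that usually goes wrong in home-grown CEF parsers: splitting on spaces breaks any `msg=` value containing spaces, and splitting on `=` breaks values with an escaped `\=`. Checking that your SIEM’s parser handles both cases is worth doing before you rely on it.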
What happens to your MTD’s Syslog notifications?
If you already use your MTD’s Syslog facility, you don’t need to worry about your existing Syslog message parsers: your existing configuration remains untouched. This release only adds a feature; it does not change the existing RedSocks message format. If you want to use CEF, you need to change the message format in the Syslog settings page of the MTD’s Web interface. Note that this is a switch, not an addition: once CEF is selected, the MTD emits CEF instead of the RedSocks format, so any parser you built for the old format needs to be replaced by a CEF parser at the same time.
This release paves the way for the nice things we have in the works for v3.6.2 and v3.6.3. Work on these releases is already well underway, and we’ll have more news for you in January 2017. Stay tuned!
Written by: Dr. Rick Hofstede, Product Manager @ RedSocks Security