Pulse Connect Secure

Overview

Formerly named Juniper SA, Pulse Connect Secure is an SSL VPN solution that gathers large amounts of event data about your network and users.

Before You Begin

To set up this event source in InsightOps, you must first configure Pulse Connect Secure to send syslog to the InsightOps collector. You can find instructions here.

Once syslog configuration is done, you can complete the setup within InsightOps.

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left-hand menu.
  2. At the top right of the page, select Add Data.
  3. Select the VPN icon from the Security Data section.
  4. Select your collector, and optionally name your event source.
  5. From the list of event source options, choose Pulse Connect Secure.
  6. Choose a timezone, or optionally choose a US timezone.
  7. Optionally choose to send unfiltered logs.
  8. Configure any advanced event source settings.
  9. Select either Listen for Syslog or Log Aggregator; both require that you specify a port and a protocol. Optionally choose to Encrypt the event source if choosing TCP.
  10. Select the "Download Certificate" button, which downloads Rapid7's certificate. This file is called Rapid7CA.pem and allows InsightOps and Pulse Connect Secure to "trust" each other during log forwarding.

Advanced Event Source Settings

Inactivity Timeout Threshold: Specify in minutes how long the event source should be inactive before it enters an error state.

Fallback Domain(s): If you have event sources running in a multi-domain environment, Rapid7 recommends having a fallback domain in order to resolve any issues with user accounts.

For instance, if your company is in the US and in Canada, both locations have a user named "John Smith", and your main domain is company.com, your fallback domain could be company.ca, which would allow InsightOps to more accurately attribute data to the correct user.