Xerox AltaLink Series Security Information And Event .

Transcription

Version 1.0
August 2020
702P08324
Xerox AltaLink Series
Security Information and Event Management Reference Guide

© 2020 Xerox Corporation. All rights reserved. Xerox, Xerox and Design, AltaLink, FreeFlow, SMARTsend, Scan to PC Desktop, MeterAssistant, SuppliesAssistant, Xerox Secure Access Unified ID System, Xerox Extensible Interface Platform, Global Print Driver, and Mobile Express Driver are trademarks of Xerox Corporation in the United States and/or other countries.
Adobe, Adobe PDF logo, Adobe Reader, Adobe Type Manager, ATM, Flash, Macromedia, Photoshop, and PostScript are trademarks or registered trademarks of Adobe Systems, Inc.
Apple, Bonjour, EtherTalk, TrueType, iPad, iPhone, iPod, iPod touch, AirPrint and the AirPrint Logo, Mac, Mac OS, and Macintosh are trademarks or registered trademarks of Apple Inc. in the U.S. and other countries.
Google Cloud Print web printing service, Gmail webmail service, and Android mobile technology platform are trademarks of Google, Inc.
HP-GL, HP-UX, and PCL are registered trademarks of Hewlett-Packard Corporation in the United States and/or other countries.
IBM and AIX are registered trademarks of International Business Machines Corporation in the United States and/or other countries.
McAfee, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, Inc. in the United States and other countries.
Microsoft, Windows Vista, Windows, Windows Server, and OneDrive are registered trademarks of Microsoft Corporation in the United States and other countries.
Mopria is a trademark of the Mopria Alliance.
Novell, NetWare, NDPS, NDS, IPX, and Novell Distributed Print Services are trademarks or registered trademarks of Novell, Inc. in the United States and other countries.
PANTONE and other Pantone, Inc. trademarks are the property of Pantone, Inc.
SGI and IRIX are registered trademarks of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
Sun, Sun Microsystems, and Solaris are trademarks or registered trademarks of Oracle and/or its affiliates in the United States and other countries.
UNIX is a trademark in the United States and other countries, licensed exclusively through X/Open Company Limited.
Wi-Fi CERTIFIED Wi-Fi Direct is a trademark of the Wi-Fi Alliance.

Table of Contents

1 Introduction
    SIEM Overview
    Configuring SIEM
    Supported Printers
2 Device Configuration
    Configuration Overview
    Configuring SIEM
    Configuring a SIEM Destination
    Editing a SIEM Destination
3 Message Format
    Message Format Overview
    Syslog Message Format
    Severity Levels
4 Message List
    Message List Overview
    CEF Key Name Mapping
    1 System Startup
    2 System Shutdown
    3 Standard Disk Overwrite Started
    4 Standard Disk Overwrite Complete
    5 Print Job
    6 Network Scan Job
    7 Server Fax Job
    8 Internet Fax Job
    9 Email Job
    10 Audit Log Disabled
    11 Audit Log Enabled
    12 Copy Job
    13 Embedded Fax Job
    14 LAN Fax Job
    16 Full Disk Overwrite Started
    17 Full Disk Overwrite Complete
    20 Scan to Mailbox Job
    21 Delete File/Dir
    23 Scan to Home
    24 Scan to Home Job
    27 Postscript Passwords
    29 Network User Login
    30 SA Login
    31 User Login
    32 Service Login Diagnostics
    33 Audit Log Download
    34 Immediate Job Overwrite Enablement
    35 SA PIN Changed
    36 Audit Log File Saved
    37 Force Traffic over Secure Connection
    38 Security Certificate
    39 IPsec
    40 SNMPv3
    41 IP Filtering Rules
    42 Network Authentication Configuration
    43 Device Clock
    44 Software Upgrade
    45 Clone File Operations
    46 Scan Metadata Validation
    47 Xerox Secure Access Configuration
    48 Service Login Copy Mode
    49 Smartcard Login
    50 Process Terminated
    51 Scheduled Disk Overwrite Configuration
    53 Saved Jobs Backup
    54 Saved Jobs Restore
    57 Session Timer Logout
    58 Session Timeout Interval Change
    59 User Permissions
    60 Device Clock NTP Configuration
    61 Device Administrator Role Permission
    62 Smartcard Configuration
    63 IPv6 Configuration
    64 802.1x Configuration
    65 Abnormal System Termination
    66 Local Authentication Enablement
    67 Web User Interface Login Method
    68 FIPS Mode Configuration
    69 Xerox Secure Access Login
    70 Print from USB Enablement
    71 USB Port Enablement
    72 Scan to USB Enablement
    73 System Log Download
    74 Scan to USB Job
    75 Remote Control Panel Configuration
    76 Remote Control Panel Session
    77 Remote Scan Feature Enablement
    78 Remote Scan Job Submitted
    79 Remote Scan Job Completed
    80 SMTP Connection Encryption
    81 Email Domain Filtering Rule
    82 Software Verification Test Started
    83 Software Verification Test Complete
    84 McAfee Security State
    85 McAfee Security Event
    87 McAfee Agent
    88 Digital Certificate Import Failure
    89 Device User Account Management
    90 Device User Account Password Change
    91 Embedded Fax Job Secure Print Passcode
    92 Scan to Mailbox Folder Password
    93 Embedded Fax Mailbox Passcode
    94 FTP / SFTP Filing Passive Mode
    95 Embedded Fax Forwarding Rule
    96 Allow Weblet Installation
    97 Weblet Installation
    98 Weblet Enablement
    99 Network Connectivity Configuration
    100 Address Book Permissions
    101 Address Book Export
    102 Software Upgrade Policy
    103 Supplies Plan Activation
    104 Plan Conversion
    105 IPv4 Configuration
    106 SA PIN Reset
    107 Convenience Authentication Login
    108 Convenience Authentication Configuration
    109 Embedded Fax Passcode Length
    110 Custom Authentication Login
    111 Custom Authentication Configuration
    112 Billing Impression Mode
    114 Clone File Installation Policy
    115 Save For Reprint Job
    116 Web User Interface Access Permission
    117 System Log Push to Xerox
    120 Mopria Print Enablement
    123 Near Field Communication (NFC) Enablement
    124 Invalid Login Attempt Lockout
    125 Secure Protocol Log Enablement
    126 Display Device Information Configuration
    127 Successful Login After Lockout Expired
    128 Erase Customer Data
    129 Audit Log SFTP Scheduled Configuration
    130 Audit Log SFTP Transfer
    131 Remote Software Download Policy
    132 AirPrint & Mopria Scanning Configuration
    133 AirPrint & Mopria Scan Job Submitted
    134 AirPrint & Mopria Scan Job Completed
    136 Remote Services NVM Write
    137 FIK Install via Remote Serv

Enterprise Security Manager, LogRhythm, and Splunk Enterprise Security. The SIEM feature enables your Xerox AltaLink device to send security events directly to compatible SIEM systems using the syslog protocol. SIEM solutions can provide predefined