Professional Documents
Culture Documents
Partner Information
Product Information
Partner Name AirTight Networks
Web Site www.airtightnetworks.com
Product Name SpectraGuard Enterprise
Version & Platform 6.7 Linux/Centos
Product Description SpectraGuard Enterprise is a complete, end-to-end wireless intrusion
prevention solution (WIPS) which proactively block wireless threats by
automatically scanning, detecting and classifying all unauthorized access
and rogue traffic to your network. SpectraGuard Enterprise provides
performance management and knowledge-based troubleshooting features
that allow analysis and resolution of remote wireless network issues from a
central location.
AirTight Networks
SpectraGuard Enterprise (SGE)
Solution Summary
AirTight Networks SpectraGuard Enterprise (SGE) enables enterprises to protect both wired and wireless
networks and mobile client security from wireless vulnerabilities. AirTight delivers threat monitoring and
automatic intrusion prevention and manages wireless network performance for maximum capacity and
uptime. SpectraGuard Enterprise protects organizations from emerging threats including comprehensive
802.11n rogue APs, Multi-Pot threats, Denial of Service, and WEP cracking attacks. By integrating with
RSA enVision, SGE log activity can be used in an effective security log management solution for real-time
alerting, correlated rules and events, and scheduled reporting.
RSA enVision Features
SpectraGuard Enterprise 6.7
Release Notes
Release Date What’s New In This Release
03/30/2012 Changed 8 messages from Table 1 to Table 74. All tables are Content 2.0.
11/14/2011 Added support for AirTight SpectraGuard Enterprise 6.6.
08/02/2011 Changed and added additional variables to existing messages.
07/19/2011 Added additional variables to existing messages.
06/01/2011 Initial support for AirTight SpectraGuard Enterprise.
-2-
AirTight Networks
SpectraGuard Enterprise (SGE)
-3-
AirTight Networks
SpectraGuard Enterprise (SGE)
Note: You will now be notified via e-mail when new or existing ESI
packages are updated.
3. The RSA enVision EventSource Integrator box will appear. If you wish to have the NIC Service Manager service
restart on all of your sites after the install, click Yes. If you plan to manually restart the services later, click No.
The time the script file takes to run depends on the number of event source XML files that need to be verified. If
you are deploying a new event source, the script assigns an event source type ID to the event source. If you are
updating an existing event source, the event source XML file is updated.
4. Login to the enVision console to confirm the new device type is displayed under Overview System
Configuration Devices Manage Device Types and listed as ATNSpectraGuardPE.
-4-
AirTight Networks
SpectraGuard Enterprise (SGE)
Syslog Configuration
The Syslog Configuration screen allows the SpectraGuard Enterprise to send events to designated Syslog receivers.
-5-
AirTight Networks
SpectraGuard Enterprise (SGE)
• Syslog Integration Status: If Syslog Integration Enabled is checked, the system sends messages to the
configured Syslog Servers. Otherwise, Syslog integration services are shut-off and you cannot manage the
Syslog Servers.
• Current Status: Displays the Current Status of the Syslog Server: Running or Stopped. An Error status is
shown in one of the following cases:
• One of the configured and enabled Syslog Servers has a hostname, which cannot be resolved
• System Server is stopped
• Internal error, in which case you need to contact AirTight Networks Technical Support
2. Enter the Syslog Server (IP Address or Hostname) of the RSA enVision server.
3. Enter the Port Number of the enVision syslog port (Default: 514).
4. From the Message Format pull-down menu, select Plain text. This specifics the format in-which events
are sent to enVision.
5. Next, check the Enabled checkbox. This enables events to be sent to this Syslog receiver.
6. Finish by clicking the Add button.
-6-
AirTight Networks
SpectraGuard Enterprise (SGE)
Message Management
Disabled device creates unknown device in monitored device list
Temporary nugget files are removed
Queries / Reports
Messages for device populate the table columns correctly
Ad Hoc report populates variables correctly
-7-
AirTight Networks
SpectraGuard Enterprise (SGE)
Appendix
In certain cases after deploying the ESI Package, the device may come into enVision as an Unknown
device type. To resolve this issue, complete the following steps.
1. In the enVision GUI, select Overview System Configuration Devices Managed Monitor Devices,
then click on the IP Address of the Unknown device.
-8-
AirTight Networks
SpectraGuard Enterprise (SGE)
2. From the Device Type pull-down menu, select the correct device type. For the name of the device as it
appears in enVision, refer to the above section RSA enVision Features, page 2.
-9-
AirTight Networks
SpectraGuard Enterprise (SGE)
6. Click Apply.
- 10 -