BROADCOM

About

SSL Visibility Appliance is a comprehensive, extensible solution that assures high-security encryption. The SSL Visibility Appliance provides timely and complete standards support, with 100 Cipher Suites and key exchanges offered.

Product Details

Vendor URL: BROADCOM

Product Type: Encryption

Product Tier: Tier III

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: CSV

Expected Normalization Rate: near 100%

Data Label: BROADCOM_SSL_VA

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
| --- | --- |
| prodlogid | metadata.product_log_id |
| "SSL Visibility" | metadata.product_name |
| "Broadcom" | metadata.vendor_name |
| hostname | principal.hostname |
| pid | principal.process.pid |
| srcip | principal.ip |
| srcPort | principal.port |
| event_type | target.application |
| destip | target.ip |
| destport | target.port |
| smb_host | target.hostname |
| smb_uid | target.user.userid |
| tlsversion | network.tls.version |
| ciphersuite | network.tls.cipher |
| status | security_result.action |
| action | security_result.action_details |
| category | security_result.category |
| rule | security_result.rule_id |
| flag_list | about.resource.attribute.Flag list |
| segment_id | about.resource.attribute.segment_id |

Product Event Types

| Product Event | Description | UDM Event |
| --- | --- | --- |
| src/destIp | | NETWORK_CONNECTION |
| Default | All other events | GENERIC_EVENT |

Log Sample

Oct 20 21:30:12 HOSTNAME ssldata[15726]: [A:3b0318.5] product_log_id 10.107.218.31:59478 -> 10.104.164.115:443 TLS1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 miapp.schwab.com --- cert fp: 93:9B:44:3F:91:76:E3:57:28:4D:2A:17:63:CC:BF:20:E7:86:E8:C6 rule:0 cut SUCCESS (0x0000000000000000) 0x60999b56006cfeca Full x509:V V[271756]:pT[0x182666d7e0e]:eF[0x400101a0004315f7]:type[Full]:pol[P0P1]:init[TI]:SNI[Match]:dname[SAN]:dix[0]:chix[0(O)]:rfw[N]:rov[N]:isix[S0]:cver[0x0303]:ver[03.03]cat[0x0]:CF[0x104020101403]:ChF[0x1000000000811]:Cmrx[SH|SC|CReq|SHD]:Cmtx[CH]:Cocx[0x2000009271]:Cchx[0x2000009271]:Cshx[0x1001]:Chrx[0x0]:Ceex[0x0]:SF[0x2000020000002]:ShF[0x252a00000000]:Smrx[CH]:Smtx[--]:Socx[0x2000009271]:Schx[0x2000009271]:Sshx[0x1001]:Shrx[0x0]:Seex[0x0]:Pxy[---]:sint[0x0]:nt[0x0]:Corr[0x0]:ALPN[--]:css[weak]:JA3[37fbfb78323357338ae6777bda79f9d7]:S019 {"additional":[{"label":"smb_host","value":"smb_host_value"},{"label":"smb_stage1","value":"smb_stage1_value"},{"label":"smb_uid","value":"smb_uid_value"},{"label":"smb_timezone","value":"EDT"},{"label":"source_country","value":""},{"label":"source_country_name","value":""}]}

Sample Parsing

metadata.event_timestamp = "1666301412"
metadata.vendor_name = "Broadcom"
metadata.product_name = "SSL Visibility"
metadata.event_type = "NETWORK_CONNECTION"
metadata.product_log_id = "product_log_id"
principal.hostname = "HOSTNAME"
principal.process.pid = "15726"
principal.ip = "10.107.218.31"
principal.port = 59478
target.ip = "10.104.164.115"
target.port = 443
target.application = "ssldata"
about.resource.attribute.key = "Flag list"
about.resource.attribute.value = "(0x0000000000000000) 0x60999b56006cfeca Full x509:V V[271756]:pT[0x182666d7e0e]:eF[0x400101a0004315f7]:type[Full]:pol[P0P1]:init[TI]:SNI[Match]:dname[SAN]:dix[0]:chix[0(O)]:rfw[N]:rov[N]:isix[S0]:cver[0x0303]:ver[03.03]cat[0x0]:CF[0x104020101403]:ChF[0x1000000000811]:Cmrx[SH|SC|CReq|SHD]:Cmtx[CH]:Cocx[0x2000009271]:Cchx[0x2000009271]:Cshx[0x1001]:Chrx[0x0]:Ceex[0x0]:SF[0x2000020000002]:ShF[0x252a00000000]:Smrx[CH]:Smtx[--]:Socx[0x2000009271]:Schx[0x2000009271]:Sshx[0x1001]:Shrx[0x0]:Seex[0x0]:Pxy[---]:sint[0x0]:nt[0x0]:Corr[0x0]:ALPN[--]:css[weak]:JA3[37fbfb78323357338ae6777bda79f9d7]:S019"
about.resource.attribute.key = "segment_id"
about.resource.attribute.value = "A"
security_result.category = SOFTWARE_MALICIOUS
security_result.rule_id = "rule:0"
security_result.action = "BLOCK"
security_result.action_details = "cut"
network.tls.cipher = "TLS_RSA_WITH_AES_128_GCM_SHA256"
network.tls.version = "TLS1.2"

Parser Alerting

This product currently does not have any parser-based alerting.

Rules

Coming Soon