F-Secure AV integration

Hi,

I was looking at the event sources for InsightIDR and noticed that F-Secure AV is listed but there is no link to the page:

I can’t find anything else except the extensions page:
Rapid7 Extensions - F-Secure

Is there any documentation on the integration between F-Secure/InsightIDR?

Thanks,
Neil

Hi Neil,

We haven’t got any docs on this just yet but you should be able to use this guide for setting it up on the F-Secure side:

https://help.f-secure.com/product.html?business/policy-manager/15.20/en/task_6E8BD55A7C704C4F9F222A214AC880CA-15.20-en

Some things to note about configuring this in F-Secure:

  • It’s recommended you specify a custom port for log transmission (don’t use the default UDP or TCP port)
  • We accept F-Secure logs in RFC 3164 format

On the IDR side you must go to Data Collection > Event Sources. Add a Virus Scan event source and select F-Secure from the product dropdown menu. For the data collection method select Listen on Network Port and specify the port number and protocol that you configured in F-Secure.

Note: Make sure that the collector host firewall, or any physical firewall between the two servers, allows traffic through that port.

Good luck!

Regards,
Tony
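
Added example, not part of the original posts or of Rapid7 or F-Secure documentation: a small Python check for the setup described above. It builds a test line in RFC 3164 layout, validates that a captured line follows that layout, and sends the test line to the collector's listening port over UDP or TCP so the firewall path can be confirmed. The collector address `192.0.2.10`, port `5514`, hostname `pm-server` and tag `fsecure-test` are constructed placeholders, and the message is a constructed test line, not a real F-Secure log.

```python
import re
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (day is space-padded)
RFC3164_RE = re.compile(
    r"^<(\d{1,3})>(?:" + "|".join(MONTHS) + r") (?: \d|[12]\d|3[01]) "
    r"(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d \S+ .+$"
)

def build_rfc3164(facility, severity, host, tag, msg, when=None):
    """Return one RFC 3164 line; PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {msg}"

def is_rfc3164(line):
    """True if the line has the RFC 3164 header layout and a valid PRI (0-191)."""
    m = RFC3164_RE.match(line)
    return bool(m) and int(m.group(1)) <= 191

def send_test(collector, port, proto, line, timeout=5.0):
    """Send one line to the collector's listening port.

    TCP raises OSError if the port is filtered or nothing is listening.
    UDP gives no delivery confirmation, so look for the event on the IDR side.
    """
    data = line.encode("ascii")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (collector, port))
    elif proto == "tcp":
        with socket.create_connection((collector, port), timeout=timeout) as s:
            s.sendall(data + b"\n")  # newline-delimited framing over TCP
    else:
        raise ValueError("proto must be 'udp' or 'tcp'")

if __name__ == "__main__":
    # Constructed placeholders: replace with the collector address and the
    # custom port and protocol configured on both sides.
    test_line = build_rfc3164(1, 5, "pm-server", "fsecure-test", "connectivity check")
    assert is_rfc3164(test_line)
    send_test("192.0.2.10", 5514, "udp", test_line)
    print("sent:", test_line)
```

Run it from the server that forwards the logs so the packet crosses the same firewalls as the real traffic.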

That’s great Tony. I’ll look into it. Thanks for your help.

Best Regards,
Neil