Barracuda CloudGen Firewall

How to Configure macmon Event Notifications to Report an ATP Incident to the macmon System

  • Last updated on

macmon Endpoint Security and Network Access Control is capable of collecting threat notifications from other systems in order to protect a network infrastructure from malicious clients. The CloudGen Firewall can be configured to send notifications to the macmon system as soon as ATP detects a threat. If this happens, an event is created. To notify macmon about the event, a script has to be associated with the event. As soon as the event occurs, the configured script is executed and notifies macmon.

Step 1. Create a New Notification for macmon and Assign the macmon Script

  1. Go to CONFIGURATION > Configuration Tree > Infrastructure Services > Eventing.
  2. Click Lock.
  3. Select Notification.
  4. Click New... in the lower-right corner of the window.
  5. The Detail window opens.
  6. Enter a unique number as the Notification ID, e.g., 5.
  7. Enter a descriptive name for the macmon notification, e.g., macmon notification.
  8. Ensure that the check box Event must be confirmed is not selected.
  9. Select Server Action.
  10. For Type, select Execute Program.
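  11. For Parameter, enter the following string into the edit field. Replace the placeholders in angle brackets with the values for your macmon system. The password is part of this parameter string, so it is stored in the notification configuration and passed to the script on the command line; use a dedicated macmon account for this notification rather than a personal or administrative one: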
    /opt/phion/modules/box/boxsrv/event/bin/macmonEventNotification -u <USER> -p <PASSWORD> -d <IP>

    The script accepts the following arguments, which are the ones used in the parameter string above:

    Argument                                         Meaning
    -h, --help                                       Show help message and exit
    -u <USER>, --user=<USER>                         macmon user name
    -p <PASSWORD>, --password <PASSWORD>             macmon password
    -d <DESTINATION>, --destination=<DESTINATION>    macmon destination (hostname or IP address)
  12. Click OK.
  13. Click Send Changes.
  14. Click Activate.

Step 2. Check Your Event List

  1. Go to EVENTS.
  2. Check the event list for ATP events. If the notification ID of an event (e.g., ID=5) matches the notification configured in Step 1, the macmon system has been notified about the event.
