
Basic concepts of the security architecture implemented in Panda SIEMFeeder

This information applies to:

Products
Panda Adaptive Defense
Panda Adaptive Defense 360

This article deals with the AAA-based (Authentication, Authorization, and Access) security architecture implemented in Panda SIEMFeeder as well as the encryption of all communications between the Panda Importer software and all the other components that make up the solution.

AAA security architecture overview

  • Initial message exchange

    To access the Panda SIEMFeeder service securely, an initial message exchange must take place between the Panda Importer computer and Panda SIEMFeeder. This exchange must take place successfully; otherwise, it won't be possible to access the information published in the Azure topic.

    The message flow established the first time that Panda Importer is run is described below (numbered based on Figure 4). This message flow must be established again every time the user is removed from the system or loses the Full Control role assigned via Aether.

    1. Panda Importer sends the credentials (email address and password) assigned to the customer.
    2. Authentication Phase: the PAS service connects to the Panda IdP service to validate the credentials.
    3. Authorization Phase: the PAS service connects to the Aether service to check whether the customer has access to the Panda SIEMFeeder service.

      Figure 5: steps 1 to 4 in the initial message exchange

    4. The PAS service generates and delivers an access token and a refresh token to Panda Importer.
    5. Panda Importer sends the refresh token to the PAC service.
    6. Access Phase: the PAC service generates a shared access signature (SAS) key.
    7. Access to the topic: Panda Importer accesses the assigned topic using the SAS key.
    8. Panda Importer receives the logs from the subscribed topic.

      Figure 6: steps 5 to 8 in the initial message exchange

  • Security architecture: Components

    Figure 4 shows the components responsible for authenticating customers and granting them access to the platform resources required to download the log files that contain the information collected from the organization's IT network.

    Figure 4: AAA security architecture overview


    • Panda Importer: program provided by Panda Security and designed to collect the log files stored on the Azure platform.
    • Azure Topic: a queue-type resource generated on the Azure platform. It stores the log files received from Panda Security with the information collected from the organization's IT network.
    • PAS (Panda Authorization Service): service that authenticates and authorizes access to the Azure topic. It receives, from Panda Importer, the credentials assigned to the customer when purchasing the service, and returns to it an access token and a refresh token.
    • PAC (Panda Access Control): service that enables Panda Importer to access the Azure topic provisioned to the customer. It receives the refresh token from Panda Importer and returns a shared access signature (SAS) key.
    • Panda IdP (Identity Provider): service that authenticates the sent credentials.
    • Aether: service that authorizes access to Panda SIEMFeeder.
  • Subsequent message exchange

    Panda Importer uses the refresh token to obtain the SAS key. Both the token and the SAS key have an expiration date and are short lived for security reasons. As soon as the refresh token expires, Panda Importer will generate the following alternative message flow:

    1. Panda Importer asks the PAS service for a new refresh token. To do that, it sends the access token that was assigned to it during the above-mentioned initial flow.
    2. With the new refresh token, Panda Importer asks the PAC service for a new SAS key.
    3. With the new SAS key, Panda Importer connects to the Azure topic and continues collecting log files.

      Figure 7: message flow when the refresh token expires

Communication characteristics
  • AAA communication encryption

    All communications for requesting and sending tokens are encrypted with the HTTPS protocol (SSL SHA256-G3).

  • Lifetime of the tokens assigned by Panda SIEMFeeder
    • PAS refresh token: 14 days
    • PAS access token: 20 minutes
    • SAS key: 1 day

      Panda Importer uses the refresh token to access the Azure topic. Once the refresh token expires, a new access token will be generated containing the account details entered in the Panda Importer program. In addition to this, a new refresh token will also be generated for Panda Importer to continue accessing the Azure topic.

      Even if the account used when configuring the service is no longer available or doesn't have the Full Control role assigned to it, the customer will be able to continue accessing the service provided the refresh token has not expired (maximum lifetime: 14 days). If the refresh token expires, it won't be possible to generate a new refresh token and access will be denied.
  • Encrypted communications for downloading log files

    All communications established for downloading log files are encrypted with the TLS/SSL and SASL protocols.
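
The token lifetimes and the revocation caveat above, worked through as an added example (not Panda Security's code): a simplified simulation of Panda Importer's renewal loop that shows how long access persists after the Full Control role is removed. The hourly polling, the function names and the dates are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Lifetimes stated in the article.
REFRESH_TTL = timedelta(days=14)  # PAS refresh token
SAS_TTL = timedelta(days=1)       # SAS key

def simulate(refresh_issued, revoked_at, until, step=timedelta(hours=1)):
    """Walk the importer's clock and return (time, event) tuples.

    Assumed model: the importer polls every `step`, asks PAC for a SAS key
    whenever the current one has expired, and goes back to PAS once the
    refresh token has expired. PAS only re-issues while the account still
    holds the Full Control role, i.e. before `revoked_at`.
    """
    events = []
    refresh_exp = refresh_issued + REFRESH_TTL
    sas_exp = refresh_issued  # no SAS key held yet
    now = refresh_issued
    while now <= until:
        if now >= refresh_exp:
            if now >= revoked_at:
                events.append((now, "access-denied"))
                break
            refresh_exp = now + REFRESH_TTL
            events.append((now, "new-refresh-token"))
        if now >= sas_exp:
            sas_exp = now + SAS_TTL
            events.append((now, "new-sas-key"))
        now += step
    return events

def exposure(events, revoked_at):
    """Summarise what still worked after the role was removed."""
    denied = [t for t, e in events if e == "access-denied"]
    sas_after = sum(1 for t, e in events
                    if e == "new-sas-key" and t >= revoked_at)
    return {
        "window": denied[0] - revoked_at if denied else None,
        "sas_keys_after_revocation": sas_after,
    }

# Constructed timeline: token issued 1 Jan, role removed 3 Jan at noon.
ISSUED = datetime(2024, 1, 1)
REVOKED = datetime(2024, 1, 3, 12)

if __name__ == "__main__":
    result = exposure(simulate(ISSUED, REVOKED, datetime(2024, 1, 31)), REVOKED)
    print(result)
```

With the constructed dates the importer keeps working for 11 days and 12 hours after the role is removed, which is the window an offboarding procedure has to account for.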

Related articles

What is Panda Importer?

Help article number: 20180507 950030 EN
