Integration with identity/AAA server down-checkpoint-gaia

Integration with identity/AAA server down-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
Some devices may integrate with identity or AAA servers to provide user identification, authentication and authorization services. If the integration is down, such services may be disrupted. indeni will alert if this occurs.

Remediation Steps:
Make sure that the device can communicate with the identity/AAA server, that the username and password for accessing it are correct and that it has the permissions it needs.

How does this work?
Using the Check Point command “adlog a dc” we retreive the status of the domain controllers.

Why is this important?
When using Identity Awareness it is important to make sure that the domain controllers are connected, otherwise no new events will be retrieved.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-gaia-adlog-a-dc-novsx

name: chkp-gaia-adlog-a-dc-novsx
description: Check status of connected domain controllers for Identity Awareness
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: checkpoint
    os.name: gaia
    role-firewall: 'true'
    vsx:
            neq: 'true'
comments:
    identity-integration-connection-state:
        why: |
            When using Identity Awareness it is important to make sure that the domain controllers are connected, otherwise no new events will be retrieved.
        how: |
            Using the Check Point command "adlog a dc" we retreive the status of the domain controllers.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 adlog a dc && sleep 5 && ${nice-path} -n 15 adlog
            a dc && sleep 5 && ${nice-path} -n 15 adlog a dc
    parse:
        type: AWK
        file: adlog-a-dc-novsx.parser.1.awk

cross_vendor_identity_integration_down

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_identity_integration_down.scala