Re: OPSEC LEA Permissions

LaRockas · ‎2020-02-13

Dear all ,

I would like to ask if anyone knows the access that potentially could have an OPSEC LEA client to SMS Gateway .

Except the LEA Permissions TAB to the OPSEC Application Properties , where else i can find what kind of permission the remote client has when you configure it as OPSEC LEA Appl .

Is it trusted to allow external partner like Siem Vendor , to communicate with OPSEC LEA to the SMS server ? As you understand the SMS server has all the critical information like policies , etc.

Any other link , pdf , doc to read would be helpful

Thanks in advanced

Makis

PhoneBoy · ‎2020-02-13

LEA is for streaming logs to a third party.
The only thing you have access to via LEA is…logs and it's a push (not pull) mechanism.
I believe you can find more details in the OPSEC SDK documentation which is in SecureKnowledge.

Regardless, Log Exporter is the preferred, recommended method for integrating with SIEMs these days.
This uses standard syslog to export logs.
We will continue to support LEA but are not doing further enhancements to it.

LaRockas · ‎2020-02-13

Hi PhoneBoy ,

Thanks for your reply . I already started to read the SDK documentation .

Thanks

Makis

PS. Nice meeting you at CPX Vienna !

PhoneBoy · ‎2020-02-14

Pleasure to meet you as well 😁

Are you a member of CheckMates?

OPSEC LEA Permissions