What Changed
The new Open Systems solution (v3.0.0) provides integration for multiple Open Systems security products, including Secure Web Gateway, Identity service, firewall, Zero Trust Network Access, email gateway, and intrusion detection systems.
Data Sources
The solution ingests logs from:
- Secure Web Gateway: Proxy traffic monitoring and URL filtering
- Identity Provider: Authentication events and user access
- Firewall: Network traffic filtering and security events
- Zero Trust Network Access: Secure remote access monitoring
- Email Gateway: Email security and threat detection (optional)
- Intrusion Detection System: Network-based threat detection (optional)
Ingestion Mechanism
The solution uses Azure Container Apps running Logstash to ingest logs from Open Systems Kafka streams. An ARM template automates deployment of the ingestion infrastructure, with configurable scaling and resource allocation.
ASIM Parser Coverage
Includes ASIM-compliant parsers for:
- Authentication schema: ASimAuthenticationOpenSystems
- Network Session schema: ASimNetworkSessionOpenSystemsFirewall
- Web Session schema: ASimWebSessionOpenSystemsProxySecureWebGateway
Affected Files
- Solutions/Open Systems/DataConnectors/OpenSystems.json
- Solutions/Open Systems/Parsers/AuthASIMParser.yaml
- Solutions/Open Systems/Parsers/FirewallASIMParser.yaml
- Solutions/Open Systems/Parsers/ProxyASIMParser.yaml
- ARM deployment templates and Function App configuration (packaging artefacts: mainTemplate.json, createUiDefinition.json, SolutionMetadata.json)