PlaSec: Physical Access Card Readers and Biometric Devices Certified CEF Configuration Guide

Summary:

The "Common Event Format Configuration Guide" from PlaSec, Inc., is a document designed to assist in configuring the PlaSec access control appliance to send events to ArcSight for physical access control management. It supports versions 1.8 and above of the PlaSec appliance on all ArcSight platforms, offering guidance on setting up an ArcSight CEF connector using the PlaSec collaboration tool. This includes selecting event types and schedules for transmission, as well as accessing a CLI via SSH for advanced configurations. The document provides detailed information about mapping vendor-specific events from the PlaSec device to corresponding ArcSight data fields, detailing tables that map PlaSec connector fields to ArcSight event data fields such as Device Product, Device Version, Name, Severity, Event Class ID, etc. It also lists all possible events that can be triggered by the PlaSec appliance, ranging from basic transactions like database record additions to more complex system procedures or panel status changes indicating issues like power loss or tampering. The document covers various error codes and events related to card attempts, reader issues, PIN errors, denial reasons, access grants, duress detections, and intrusion alarms in a security system. It includes specific cases for errors such as invalid card reads, stolen or lost card attempts, incorrect PIN entries, hardware issues like reader time zones and keypad failures, unactivated cards, facility code errors, biometric verification failures, and communication issues between the reader and device. The guide also addresses duress detections leading to access denial and intrusion alarms triggered by disarmed systems, armed but with delays, or active alarm conditions.

Details:

The "Common Event Format Configuration Guide" is a document provided by PlaSec, Inc. for configuring the PlaSec access control appliance to send events to ArcSight for physical access control management. This guide supports versions 1.8 and beyond of the PlaSec appliance on all ArcSight platforms. It outlines how to set up an ArcSight CEF connector using the PlaSec collaboration tool, with options to select event types and schedules for transmission. The appliance also offers a CLI accessible via SSH for advanced configurations. The document includes detailed information about mapping vendor-specific events from the PlaSec device to corresponding ArcSight data fields. It provides tables detailing these mappings between PlaSec connector fields and ArcSight event data fields, such as Device Product, Device Version, Name, Severity, Event Class ID, etc. The guide also lists all possible events that can be triggered by the PlaSec appliance, from basic transactions like database record additions to more complex system procedures or panel status changes indicating issues like power loss or tampering. This document outlines various error codes and events related to card attempts, reader issues, PIN errors, denial reasons, access grants, duress detections, and intrusion alarms in a security system. Each code corresponds to a specific type of event or issue that can occur during the use of a card-based access control system, such as an invalid card read, stolen or lost card attempts, incorrect PIN entries, and various hardware issues like reader time zones and keypad failures. The document also covers cases where a card has not yet been activated, or there are errors related to facility codes, biometric verification failures, and communication issues between the reader and device. Additionally, it includes specific events for duress detections leading to access denial, as well as intrusion alarms triggered by disarmed systems, armed but with delays, or active alarm conditions.