Device Details

| Field | Value |
|---|---|
| Device Name | Falco |
| Vendor | Falco |
| Device Type | Falco |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Flat File |
| Configurable Log Output | N/A |
| Log Source Type | Flat File - Falco |
| Log Processing Policy | LogRhythm Default V 2.0 |
| Exceptions | N/A |
| Additional Information | https://falco.org/docs/outputs/formatting/ , https://www.elastic.co/guide/en/integrations/current/falco.html#falco-logs-reference |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| API Server Log Messages | N/A | <subject>, <sip>, <sport>, <dip>, <dport>, <protname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
| Catch All | N/A | <subject> |
| Critical Executing Binary Log Messages | N/A | <subject>, <sname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
| General Notice Log Messages | N/A | <subject>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
| Sensitive File Opened Log Messages | N/A | <subject>, <objectname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
| Warning Grep Private Keys Log Messages | N/A | <subject>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| 7.1.711.0 | Flat File - Falco | New Device Documentation | N/A |