Flat File - Falco
Device Details
Device Name | Falco |
Vendor | Falco |
Device Type | Falco |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Flat File |
Configurable Log Output | N/A |
Log Source Type | Flat File - Falco |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information | https://falco.org/docs/outputs/formatting/ https://www.elastic.co/guide/en/integrations/current/falco.html#falco-logs-reference |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
API Server Log Messages | N/A | <subject>, <sip>, <sport>, <dip>, <dport>, <protname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
Catch All | N/A | <subject> |
Critical Executing Binary Log Messages | N/A | <subject>, <sname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
General Notice Log Messages | N/A | <subject>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
Sensitive File Opened Log Messages | N/A | <subject>, <objectname>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
Warning Grep Private Keys Log Messages | N/A | <subject>, <command>, <login>, <process>, <parentprocesspath>, <serialnumber>, <object> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
7.1.711.0 | Flat File - Falco | New Device Documentation | N/A |