Device Details
| Vendor | McAfee |
|---|---|
| Device Type | EndPoint Security |
| Supported Model Name/Number | Cloud Proxy (Endpoints (managed), Standalone computers (unmanaged)) |
| Supported Software Version(s) | N/A |
| Collection Method | Flat File |
| Configurable Log Output? | No |
| Log Source Type | Flat File - McAfee Proxy Cloud |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://docs.mcafee.com/search?page=5&field-1=All%20Products&q=McAfee%20Cloud%20&sort=score&rpp=10 |
Prerequisites
- The keys in the log must appear in the following order: "user_id", "username", "source_ip", "http_action", "server_to_client_bytes", "client_to_server_bytes", "requested_host", "requested_path", "result", "virus", "request_timestamp_epoch", "request_timestamp", "uri_scheme", "category", "media_type", "application_type", "reputation".
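
A pre-flight check for the key order above, as an added example (not LogRhythm or McAfee code). It assumes the flat file starts with a comma-separated, optionally quoted header row, which this page does not state; `check_key_order` and the sample header are constructed for illustration.

```python
import csv
import io

# Key order required by the Prerequisites section of this page.
EXPECTED_KEYS = [
    "user_id", "username", "source_ip", "http_action",
    "server_to_client_bytes", "client_to_server_bytes",
    "requested_host", "requested_path", "result", "virus",
    "request_timestamp_epoch", "request_timestamp", "uri_scheme",
    "category", "media_type", "application_type", "reputation",
]


def check_key_order(header_line):
    """Return a list of problems; an empty list means the order matches.

    Assumption: keys arrive as one comma-separated, optionally quoted row.
    """
    # Drop a UTF-8 byte-order mark so the first quoted key still parses.
    text = header_line.lstrip("\ufeff")
    row = next(csv.reader(io.StringIO(text), skipinitialspace=True), [])
    keys = [k.strip() for k in row]
    problems = []
    missing = [k for k in EXPECTED_KEYS if k not in keys]
    extra = [k for k in keys if k not in EXPECTED_KEYS]
    if missing:
        problems.append("missing keys: " + ", ".join(missing))
    if extra:
        problems.append("unexpected keys: " + ", ".join(extra))
    if not problems and len(keys) != len(EXPECTED_KEYS):
        problems.append(f"expected {len(EXPECTED_KEYS)} keys, found {len(keys)}")
    if not problems:
        # Same key set, so report only the first position that is out of order.
        for pos, (got, want) in enumerate(zip(keys, EXPECTED_KEYS), start=1):
            if got != want:
                problems.append(f"position {pos}: found {got!r}, expected {want!r}")
                break
    return problems


if __name__ == "__main__":
    # Constructed sample: the required keys with the 2nd and 3rd swapped.
    sample = list(EXPECTED_KEYS)
    sample[1], sample[2] = sample[2], sample[1]
    header = ", ".join(f'"{k}"' for k in sample)
    for problem in check_key_order(header) or ["key order OK"]:
        print(problem)
```
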
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| McAfee Cloud Proxy User Information Messages | ALL | <domain>, <login>, <vendorinfo>, <sip>, <command>, <bytesin>, <bytesout>, <url>, <object>, <result>, <threatname>, <session>, <protname>, <objectname>, <objecttype>, <useragent>, <status> |
Parsed Metadata Fields
| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| User_id | Domain | Text/String |
| Username | Login | Text/String |
| Vendorinfo | Vendorinfo | String |
| Source_ip | Sip | IP Address |
| Http_action | Command | String |
| Server_to_client_bytes | Bytesin | Number |
| Client_to_server_bytes | Bytesout | Number |
| Requested_host | Url | Text/String/IP address |
| Requested_path | Object | Text/String/IP address |
| Result | Result | Text/String |
| Virus | Threatname | Text/String |
| Request_timestamp_epoch | Session | Text/String |
| Uri_scheme | Protname | Text/String |
| Category | Objectname | Text/String |
| Media_Type | Objecttype | Text/String |
| Application_type | Useragent | Text/String |
| Reputation | Status | Text |