Flat File - McAfee Proxy Cloud
Device Details
Vendor | McAfee |
---|---|
Device Type | EndPoint Security |
Supported Model Name/Number | Cloud Proxy (Endpoints (managed), Standalone computers (unmanaged)) |
Supported Software Version(s) | N/A |
Collection Method | Flat File |
Configurable Log Output? | No |
Log Source Type | Flat File - McAfee Proxy Cloud |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://docs.mcafee.com/search?page=5&field-1=All%20Products&q=McAfee%20Cloud%20&sort=score&rpp=10 |
Prerequisites
- The keys in the log must appear in the following sequence: "user_id", "username", "source_ip", "http_action", "server_to_client_bytes", "client_to_server_bytes", "requested_host", "requested_path", "result", "virus", "request_timestamp_epoch", "request_timestamp", "uri_scheme", "category", "media_type", "application_type", "reputation".
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
McAfee Cloud Proxy User Information Messages | ALL | <domain>, <login>, <vendorinfo>, <sip>, <command>, <bytesin>, <bytesout>, <url>, <object>, <result>, <threatname>, <session>, <protname>, <objectname>, <objecttype>, <useragent>, <status> |
Parsed Metadata Fields
Device Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
User_id | Domain | Text/String |
Username | Login | Text/String |
Vendorinfo | Vendorinfo | String |
Source_ip | Sip | IP Address |
Http_action | Command | String |
Server_to_client_bytes | Bytesin | Number |
Client_to_server_bytes | Bytesout | Number |
Requested_host | Url | Text/String/IP address |
Requested_path | Object | Text/String/IP address |
Result | Result | Text/String |
Virus | Threatname | Text/String |
Request_timestamp_epoch | Session | Text/String |
Uri_scheme | Protname | Text/String |
Category | Objectname | Text/String |
Media_Type | Objecttype | Text/String |
Application_type | Useragent | Text/String |
Reputation | Status | Text |
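
A pre-flight check for the key sequence in the Prerequisites and the IP/Number types in the Parsed Metadata Fields table, run before a file is handed to the collector. This is an added example, not LogRhythm or McAfee code. It assumes the flat file is comma-separated with a quoted header line; `check_flat_file` and `SAMPLE` are hypothetical names and the sample row is constructed.

```python
import csv
import io
import ipaddress

# Key order copied from the Prerequisites list on this page.
EXPECTED_KEYS = [
    "user_id", "username", "source_ip", "http_action",
    "server_to_client_bytes", "client_to_server_bytes", "requested_host",
    "requested_path", "result", "virus", "request_timestamp_epoch",
    "request_timestamp", "uri_scheme", "category", "media_type",
    "application_type", "reputation",
]
# Fields the Parsed Metadata Fields table types as Number.
NUMERIC_KEYS = ("server_to_client_bytes", "client_to_server_bytes")

# Constructed sample, not real proxy output. Quoted CSV with a header is assumed.
SAMPLE = ",".join(f'"{k}"' for k in EXPECTED_KEYS) + "\n" + (
    '"-1","alice","192.0.2.10","GET","5120","312","www.example.com",'
    '"/index.html","OBSERVED","","1700000000","2023-11-14 22:13:20",'
    '"https","Business","text/html","","Minimal Risk"\n'
)


def check_flat_file(text):
    """Return a list of problems; an empty list means header and rows line up."""
    rows = csv.reader(io.StringIO(text))
    header = [h.strip() for h in next(rows, [])]
    if header != EXPECTED_KEYS:
        missing = [k for k in EXPECTED_KEYS if k not in header]
        extra = [k for k in header if k not in EXPECTED_KEYS]
        moved = [i + 1 for i, (a, b) in enumerate(zip(header, EXPECTED_KEYS)) if a != b]
        # Stop here: values cannot be matched to keys by position.
        return [f"header: missing={missing} unexpected={extra} first_wrong_position={moved[:1]}"]
    problems = []
    for line_no, row in enumerate(rows, start=2):
        if len(row) != len(EXPECTED_KEYS):
            problems.append(f"line {line_no}: {len(row)} values, expected {len(EXPECTED_KEYS)}")
            continue
        rec = dict(zip(EXPECTED_KEYS, row))
        try:
            ipaddress.ip_address(rec["source_ip"])
        except ValueError:
            problems.append(f"line {line_no}: source_ip {rec['source_ip']!r} is not an IP address")
        for key in NUMERIC_KEYS:
            if not rec[key].isdigit():
                problems.append(f"line {line_no}: {key} {rec[key]!r} is not a number")
    return problems

print(check_flat_file(SAMPLE) or "ok")
```

A header that fails the check means every value after the first wrong position would land in the wrong metadata field, so rows are not inspected until the header matches.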