Device Details
|
Device Name |
Anomali Threatstream |
|
Vendor |
Anomali |
|
Device Type |
Anomali Threatstream |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version |
N/A |
|
Collection Method |
Syslog |
|
Configurable Log Output |
CEF |
|
Log Source Type |
Syslog - Anomali Threatstream |
|
Log Processing Policy |
LogRhythm Default V 2.0 |
|
Exceptions |
N/A |
|
Additional Information |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
Anomali Threatstream CEF Log Messages |
N/A |
<vendorinfo>, <version>, <threatname>, <object>, <severity>, <account>, <objecttype>, <sport>, <dinterface>, <sip>, <quantity>, <reason>, <dip>, <objectname>, <sender>, <recipient>, <status>, <sname>, <dport>, <session>, <url>, <action>, <dnatip>, <dname>, <policy>, <subject> |
|
Catch-All |
N/A |
<tag1>, <severity> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.698.0 |
Syslog - Anomali Threatstream |
New Device Documentation |
N/A |