Syslog - Anomali Threatstream
Device Details
Device Name | Anomali Threatstream |
Vendor | Anomali |
Device Type | Anomali Threatstream |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Syslog |
Configurable Log Output | CEF |
Log Source Type | Syslog - Anomali Threatstream |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
Anomali Threatstream CEF Log Messages | N/A | <vendorinfo>, <version>, <threatname>, <object>, <severity>, <account>, <objecttype>, <sport>, <dinterface>, <sip>, <quantity>, <reason>, <dip>, <status>, <sname>, <dport>, <session>, <url>, <action>, <dnatip>, <dname>, <policy>, <subject> |
Catch All | N/A | <tag1>, <severity> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
KB 7.1.698.0 | Syslog - Anomali Threatstream | New Device Documentation | N/A |