Device Details
| Vendor | BeyondTrust |
|---|---|
| Device Type | BeyondInsight |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | BeyondInsight 6.2 and newer |
| Collection Method | Syslog |
| Configurable Log Output? | Yes - LEEF |
| Log Source Type | Syslog BeyondTrust BeyondInsight LEEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |
Device Configuration Checklist
Configure the Connector:
- On the Connectors tab of the BeyondInsight dashboard, enter the Connector Name.
- (Optional) In the Output Format section, enter the Syslog Facility and Severity.
- In the Output Endpoint section, select a connection type and enter the HostName and Port.
- In the Choose events to forward section, select Event Filtering options to configure the events to be forwarded.
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| App Audit | N/A | <version>, <vmid>, <severity>, <sip>, <login>, <objecttype>, <session>, <result> |
| Blink BAM | N/A | <version>, <subject>, <vmid>, <severity>, <sip>, <dip>, <login>, <objectname>, <object>, <result>, <object>, <result>, <sip>, <dip> |
| PowerBroker Password Safe | N/A | <severity>, <version>, <sip>, <dip>, <login>, <subject>, <result>, <status> |
| PowerBroker Windows - Event | N/A | <version>, <subject>, <vmid>, <severity>, <vmid>, <object>, <policy> |
| RET-SCAN | N/A | <version>, <subject>, <vmid>, <severity>, <sip>, <dip>, <login>, <objectname>, <object>, <result>, <object>, <result> |
Parsed Metadata Fields
| Product Field Name | LogRhythm Metadata Field |
|---|---|
| N/A | <version> |
| N/A | <subject> |
| ActionType/Operation/EventType | <result> |
| AuditId | <session> |
| Cat/EventId | <vmid> |
| Dst | <dip> |
| EventDesc | <objectname> |
| EventName | <object> |
| EventName | <objecttype> |
| Failed | <status> |
| RuleName | <policy> |
| Sev | <severity> |
| Src | <sip> |
| UsrName | <login> |
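
As an added illustration (not LogRhythm or BeyondTrust code), the following Python sketch parses a LEEF event and applies the product-to-metadata mapping from the Parsed Metadata Fields table, which helps confirm that forwarded events carry the fields the log source expects. The sample event, its LEEF header values and the function names are constructed; reading slash-separated table entries as alternative field names and tying `<objecttype>` to App Audit are assumptions.

```python
# Product field -> LogRhythm metadata field, from the Parsed Metadata Fields table.
# Assumption: "A/B" in the table lists alternative product field names.
FIELD_MAP = {
    "ActionType": "result", "Operation": "result", "EventType": "result",
    "AuditId": "session", "Cat": "vmid", "EventId": "vmid",
    "Dst": "dip", "EventDesc": "objectname", "Failed": "status",
    "RuleName": "policy", "Sev": "severity", "Src": "sip", "UsrName": "login",
}

def parse_leef(line):
    """Split a syslog line carrying LEEF into (header dict, attribute dict)."""
    parts = line[line.find("LEEF:"):].split("|", 5) if "LEEF:" in line else []
    if len(parts) < 6:
        raise ValueError("missing or truncated LEEF header")
    leef_ver, vendor, product, version, event_id, body = parts
    delim = "\t"                    # LEEF 1.0 attributes are tab separated
    if leef_ver == "LEEF:2.0":      # LEEF 2.0 adds a delimiter header field
        spec, sep, body = body.partition("|")
        if not sep:
            raise ValueError("LEEF 2.0 header lacks the delimiter field")
        if spec.lower().startswith(("0x", "x")):
            delim = chr(int(spec.lower().split("x", 1)[1], 16))
        elif spec:
            delim = spec
    header = dict(vendor=vendor, product=product, version=version, event_id=event_id)
    attrs = {}
    for pair in body.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():
            attrs[key.strip()] = value.strip()
    return header, attrs

def to_metadata(attrs, log_type=""):
    """Map product fields to metadata fields; return (metadata, unmapped keys)."""
    mapping = dict(FIELD_MAP)
    # EventName appears twice in the table. Only the App Audit row lists
    # <objecttype>, so this sketch infers that App Audit is the type using it.
    mapping["EventName"] = "objecttype" if log_type == "App Audit" else "object"
    metadata, unmapped = {}, []
    for key, value in attrs.items():
        if key in mapping:
            metadata.setdefault(mapping[key], value)
        else:
            unmapped.append(key)
    return metadata, unmapped

# Constructed sample event, not captured from a real BeyondInsight system.
SAMPLE = ("<134>Jan  1 00:00:00 bi-host LEEF:1.0|BeyondTrust|BeyondInsight|6.2|1001|"
          "Src=192.0.2.10\tDst=192.0.2.20\tUsrName=alice\tSev=3\t"
          "EventName=Login\tOperation=Failed login\tExtraKey=x")
```

Keys returned in the unmapped list are fields the table does not cover; when several product fields map to the same metadata field, the first one seen is kept.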