Syslog - BeyondTrust BeyondInsight LEEF
Device Details
Vendor | BeyondTrust |
---|---|
Device Type | BeyondInsight |
Supported Model Name/Number | N/A |
Supported Software Version(s) | BeyondInsight 6.2 and newer |
Collection Method | Syslog |
Configurable Log Output? | Yes - LEEF |
Log Source Type | Syslog BeyondTrust BeyondInsight LEEF |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | N/A |
Device Configuration Checklist
Configure the Connector:
- On the Connectors tab of the BeyondInsight dashboard, enter the Connector Name.
- (Optional) In the Output Format section, enter the Syslog Facility and Severity.
- In the Output Endpoint section, select a connection type and enter the HostName and Port.
- In the Choose events to forward section, select Event Filtering options to configure the events to be forwarded.
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
App Audit | N/A | <version>, <vmid>, <severity>, <sip>, <login>, <objecttype>, <session>, <result> |
Blink BAM | N/A | <version>, <subject>, <vmid>, <severity>, <sip>, <dip>, <login>, <objectname>, <object>, <result>, <object>, <result>, <sip>, <dip> |
PowerBroker Password Safe | N/A | <severity>, <version>, <sip>, <dip>, <login>, <subject>, <result>, <status> |
PowerBroker Windows - Event | N/A | <version>, <subject>, <vmid>, <severity>, <vmid>, <object>, <policy> |
RET-SCAN | N/A | <version>, <subject>, <vmid>, <severity>, <sip>, <dip>, <login>, <objectname>, <object>, <result>, <object>, <result> |
Parsed Metadata Fields
Product Field Name | LogRhythm Metadata Field |
---|---|
N/A | <version> |
N/A | <subject> |
ActionType/Operation/EventType | <result> |
AuditId | <session> |
Cat/EventId | <vmid> |
Dst | <dip> |
EventDesc | <objectname> |
EventName | <object> |
EventName | <objecttype> |
Failed | <status> |
RuleName | <policy> |
Sev | <severity> |
Src | <sip> |
UsrName | <login> |
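To check what the connector actually forwards against the mapping above before relying on it in the SIEM, the following added example (not LogRhythm or BeyondTrust code) parses a LEEF 1.0/2.0 syslog payload and applies the table. The sample message, the function names, and the first-field-wins rule for product fields that share a metadata field are assumptions; `<version>` and `<subject>` are omitted because the table lists no product field for them.

```python
import re

# Product field -> LogRhythm metadata field(s), copied from the table above.
FIELD_MAP = {
    "ActionType": ["result"], "Operation": ["result"], "EventType": ["result"],
    "AuditId": ["session"], "Cat": ["vmid"], "EventId": ["vmid"],
    "Dst": ["dip"], "EventDesc": ["objectname"],
    "EventName": ["object", "objecttype"], "Failed": ["status"],
    "RuleName": ["policy"], "Sev": ["severity"], "Src": ["sip"],
    "UsrName": ["login"],
}

# Constructed sample: header values and attribute values are made up.
SAMPLE = ("<134>Jan 10 12:00:00 bi-host LEEF:1.0|BeyondTrust|BeyondInsight|6.2|1001|"
          "Src=10.0.0.5\tDst=10.0.0.9\tUsrName=jdoe\tSev=3\t"
          "EventName=Login\tOperation=Authenticate\tFoo=bar")

def parse_leef(line):
    """Return (header, attrs) for a LEEF 1.0 or 2.0 payload inside a syslog line."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found")
    body = line[start:]
    is_v2 = body.startswith("LEEF:2")
    fields = body.split("|", 6 if is_v2 else 5)  # keep '|' inside attribute values
    if len(fields) != (7 if is_v2 else 6):
        raise ValueError("truncated LEEF header")
    delim = "\t"  # LEEF 1.0 attributes are tab separated
    if is_v2:     # LEEF 2.0 names its delimiter: a literal character or xHH / 0xHH
        m = re.fullmatch(r"(?:0)?x([0-9A-Fa-f]{1,4})", fields[5])
        delim = chr(int(m.group(1), 16)) if m else (fields[5] or "\t")
    header = dict(zip(("leef", "vendor", "product", "version", "event_id"), fields))
    attrs = {}
    for pair in fields[-1].split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():
            attrs[key.strip()] = value.strip()
    return header, attrs

def to_metadata(attrs):
    """Map product fields to metadata fields; report keys the table does not list."""
    meta, unmapped = {}, []
    for key, value in attrs.items():
        targets = FIELD_MAP.get(key)
        if targets is None:
            unmapped.append(key)
            continue
        for target in targets:
            meta.setdefault(target, value)  # assumption: first field seen wins
    return meta, sorted(unmapped)
```

Keys returned in the second value are forwarded by the connector but have no entry in the Parsed Metadata Fields table, which makes them the ones to review when tuning Event Filtering.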