Syslog - Cisco Firepower Threat Defense
Device Details

| Attribute | Value |
|---|---|
| Vendor | Cisco |
| Device Type | Threat Defense |
| Supported Model Name/Number | 6.0, 6.2 |
| Supported Software Version(s) | All |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog – Cisco Firepower Threat Defense |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://itknowledgeexchange.techtarget.com/network-technologies/cisco-firepower-threat-defense-ftd/ |
Prerequisites
- VMware vSphere Web Client
- vSphere standalone client on ESXi
Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Connection Event | All | <vmid>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname> |
| File Malware Event | All | <vmid>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname> |
| Object Exceeded Threshold Rate | All | <vmid>, <severity>, <subject>, <reason>, <action> |
| System Clock Set | All | <vmid>, <severity>, <object>, <action>, <sip> |
| TCP Syn Message | All | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <subject> |
Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| N/A | <severity> | Numeric |
| N/A | <object> | Text/String |
| N/A | <action> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <sport> | Numeric |
| N/A | <dip> | IP Address |
| N/A | <dport> | Numeric |
| N/A | <packetsin> | Numeric |
| N/A | <packetsout> | Numeric |
| N/A | <bytesin> | Numeric |
| N/A | <bytesout> | Numeric |