Device Details

| Field | Value |
|---|---|
| Device Name | Dragos Platform CEF |
| Vendor | Dragos |
| Device Type | Dragos |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | v1.6 |
| Collection Method | Common Event Format (CEF) |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog - Dragos Platform CEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.dragos.com/platform |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| | v1.6 | <severity> |
| Catch All : Level 2 1 | v1.6 | <severity>, <objecttype> |
| Dragos Alerts | v1.6 | <version>, <vmid>, <severity>, <vendorinfo>, <dip>, <dname>, <dmac>, <sip>, <sname>, <smac>, <session>, <tag1>, <objecttype>, <object> |
| Dragos Events | v1.6 | <version>, <vmid>, <severity>, <vendorinfo>, <dname>, <dip>, <dmac>, <domainimpacted>, <sip>, <sname>, <smac>, <domainorigin>, <threatid>, <objecttype>, <tag1>, <object>, <threatname> |
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.573.2 | Syslog - Dragos Platform CEF | New Log Source Type | New Device Support for Syslog - Dragos Platform CEF. |
| KB 7.1.575.1 | Syslog - Dragos Platform CEF | New Base Rules, Sub Rule tagging | |
| KB 7.1.576.0 | Syslog - Dragos Platform CEF | Sub Rule processing settings update | Updated mapping for <tag1> field to match Configuration, Indicator, Modeling, Threat Behavior, or Unassigned value as applicable. |
| KB 7.1.626.0 | Syslog - Dragos Platform CEF | New Base Rule created. | Added Base Rule Dragos Events. |