Syslog - Dragos Platform CEF
Device Details
| Device Name | Dragos Platform CEF |
|---|---|
Vendor | Dragos |
Device Type | Dragos |
Supported Model Name/Number | N/A |
Supported Software Version(s) | v1.6 |
Collection Method | Common Event Format (CEF) |
Configurable Log Output? | Yes |
Log Source Type | Syslog - Dragos Platform CEF |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://www.dragos.com/platform |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
| v1.6 | <severity> | |
| Catch All : Level 2 1 | v1.6 | <severity>, <objecttype> |
| Dragos Alerts | v1.6 | <version>, <vmid>, <severity>, <vendorinfo>, <dip>, <dname>, <dmac>, <sip>, <sname>, <smac>, <session>, <tag1>, <objecttype>, <object> |
| Dragos Events | v1.6 | <version>, <vmid>, <severity>, <vendorinfo>, <dname>, <dip>, <dmac>, <domainimpacted>, <sip>, <sname>, <smac>, <domainorigin>, <threatid>, <objecttype>, <tag1>, <object>, <threatname> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.573.2 | Syslog - Dragos Platform CEF | New Log Source Type | New Device Support for Syslog - Dragos Platform CEF. |
| KB 7.1.575.1 | Syslog - Dragos Platform CEF | New Base Rules, Sub Rule tagging |
|
| KB 7.1.576.0 | Syslog - Dragos Platform CEF | Sub Rule processing settings update | Updated mapping for <tag1> field to match Configuration, Indicator, Modeling, Threat Behavior, or Unassigned value as applicable. |
| KB 7.1.626.0 | Syslog - Dragos Platform CEF | New Base Rule created. | Added Base Rule Dragos Events. |