Syslog - ESET Remote Administrator (ERA) LEEF
Device Details

Attribute | Value |
---|---|
Vendor | ESET |
Device Type | Web Console/Endpoint Server and mobile security |
Supported Model Name/Number | ERA Server |
Supported Software Version(s) | ERA Server 6.5.522.0 |
Collection Method | Syslog, LEEF |
Configurable Log Output? | Yes |
Log Source Type | Syslog - ESET Remote Administrator (ERA) LEEF |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | Logging output configurable to LEEF |
Device Configuration Checklist
- Ensure that LEEF log output configuration is enabled.
- All other software defaults should be used in all cases.
Currently Supported Log Types

Type | Product Version | Supported Schema Fields |
---|---|---|
User Logon Events | 6.5.522.0 | Cat= ; sev= ; devTime= ; devTimeFormat= ; src= ; domain= ; action= ; target= ; detail= ; user= ; result= |
Scanner Information | 6.5.522.0 | Cat= ; sev= ; devTime= ; devTimeFormat= ; src= ; threatType= ; threatName= ; scannerID= ; scanID= ; engineVersion= ; objectType= ; objectUri= ; actionTaken= ; threatHandled= ; needRestart= ; accountName= ; processName= ; hash= |
Audit Events | All | |
File Quarantine | All | |
New Threat Detected | All | |
ERA Server Information | All | |
Parsed Metadata Fields

Product Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
ActionTaken= | <action> | String |
Cat= | <policy> | String |
Detail= | <subject> | String |
Domain= | <domain> | String |
Hash= | <hash> | MD5 sum |
LEEF Header | <severity>, <version>, <vendorinfo> | Pipe (\|) delimited String |
ObjectType= | <objecttype> | String |
ObjectUri= | <object> | URI/Path |
ProcessName= | <process> | String |
Src= | <sip> | IP Address |
Target= | <login> | String |
ThreatName= | <objectname> | String |
ThreatType= | <subject> | String |
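As an added example (not LogRhythm's or ESET's code), the parser below splits an ERA LEEF syslog line on the pipe-delimited header and the attribute delimiter, then applies the field mapping from the table above. The syslog prefix, event ID and attribute values in SAMPLE are constructed, and the LEEF 2.0 delimiter handling goes beyond the tab-separated LEEF 1.0 form the page implies.

```python
# Added example, not LogRhythm or ESET code; the SAMPLE message below is constructed.
import re

# Product field -> LogRhythm field (Parsed Metadata Fields table); keys compared case-insensitively.
FIELD_MAP = {
    "actiontaken": "action", "cat": "policy", "detail": "subject", "domain": "domain",
    "hash": "hash", "objecttype": "objecttype", "objecturi": "object",
    "processname": "process", "src": "sip", "target": "login",
    "threatname": "objectname", "threattype": "subject",
}

def split_leef_header(body: str) -> tuple[dict[str, str], str, str]:
    """Split 'LEEF:ver|Vendor|Product|Version|EventID|...' into header fields, attribute
    delimiter and attribute string. LEEF 1.0 uses a tab between attributes; LEEF 2.0 adds
    a sixth header field naming the delimiter (a literal character or hex such as x09)."""
    parts = body.split("|", 5)
    if len(parts) < 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("malformed LEEF header")
    header = {"vendorinfo": f"{parts[1]} {parts[2]}",  # <vendorinfo>
              "version": parts[3], "event_id": parts[4]}  # <version>, event identifier
    delim, attrs = "\t", parts[5]
    if parts[0][5:].startswith("2."):
        delim, _, attrs = attrs.partition("|")
        if re.fullmatch(r"0?x[0-9a-fA-F]{2}", delim):
            delim = chr(int(delim[-2:], 16))
        delim = delim or "\t"  # an empty delimiter field means tab
    return header, delim, attrs

def parse_era_leef(line: str) -> dict[str, str]:
    """Return mapped fields under LogRhythm names and unmapped keys under their raw names.
    detail= and threatType= both feed <subject>, so the last one present wins."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("not a LEEF message")
    header, delim, attrs = split_leef_header(line[start:])  # drops the syslog prefix
    event = dict(header)
    for pair in attrs.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():  # skip fragments that are not key=value
            event[FIELD_MAP.get(key.strip().lower(), key.strip())] = value
    if "sev" in event:
        event["severity"] = event.pop("sev")  # sev= feeds <severity>
    return event

# Constructed sample shaped like the Scanner Information event type (not a real ERA log).
SAMPLE = ("<14>1 2020-05-01T10:15:22Z era-server ERAServer - - - "
          "LEEF:1.0|ESET|RemoteAdministrator|6.5.522.0|Threat|cat=ESET Threat Event\tsev=8"
          "\tdevTime=May 01 2020 10:15:20\tsrc=10.0.0.25\tthreatType=trojan\tthreatName=Win32/Example.A"
          "\tobjectUri=file:///C:/Users/alice/Downloads/invoice.exe\tactionTaken=cleaned by deleting"
          "\thash=d41d8cd98f00b204e9800998ecf8427e")
```

Keys the table does not map (devTime=, threatHandled=, result=) are kept under their product names so nothing is silently dropped when checking what a parsing policy would have to handle.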