Device Details
| Vendor | ESET |
|---|---|
| Device Type | Web Console/Endpoint Server and mobile security |
| Supported Model Name/Number | ERA Server |
| Supported Software Version(s) | ERA Server 6.5.522.0 |
| Collection Method | Syslog, LEEF |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog – ESET Remote Administrator (ERA) LEEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | Logging output configurable to LEEF |

Device Configuration Checklist
- Ensure that LEEF log output configuration is enabled.
- All other software defaults should be used in all cases.

Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| User Logon Events | 6.5.522.0 | Cat= ; sev= ; devTime= ; devTimeFormat= ; src= ; domain= ; action= ; target= ; detail= ; user= ; result= |
| Scanner Information | 6.5.522.0 | Cat= ; sev= ; devTime= ; devTimeFormat= ; src= ; threatType= ; threatName= ; scannerID= ; scanID= ; engineVersion= ; objectType= ; objectUri= ; actionTaken= ; threatHandled= ; needRestart= ; accountName= ; processName= ; hash= |
| Audit Events | All | |
| File Quarantine | All | |
| New Threat Detected | All | |
| ERA Server Information | All | |

Parsed Metadata Fields
| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| ActionTaken= | <action> | String |
| Cat= | <policy> | String |
| Detail= | <subject> | String |
| Domain= | <domain> | String |
| Hash= | <hash> | Md5sum |
| LEEF Header | <severity>, <version>, <vendorinfo> | Pipe (\|) delimited String |
| ObjectType= | <objecttype> | String |
| ObjectUri= | <object> | URI/Path |
| ProcessName= | <process> | String |
| Src= | <sip> | IP Address |
| Target= | <login> | String |
| ThreatName= | <objectname> | String |
| ThreatType= | <subject> | String |