Syslog - FireEye EX
Device Details

| Field | Value |
|---|---|
| Vendor | FireEye |
| Device Type | Email Security |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - FireEye EX |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/pf/email/fireeye-ex-series.pdf |
| | https://docs.mcafee.com/bundle/enterprise-security-manager-data-sources-configuration-reference-guide/page/GUID-DEE7F31A-23FA-4A89-B641-C2DF422E7748.html |
| | https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/fireeye-splunk-intro-to-integration.pdf |
Currently Supported Log Types

| Type | Version | Supported Schema Fields |
|---|---|---|
| Riskware Object Message | All | <version>, <severity>, <objectname>, <objecttype>, <threatname>, <action>, <dip>, <login>, <hash>, <subject>, <vmid>, <url>, <sname>, <account>, <domainorigin>, <protname> |
| Malware Object Message | All | <version>, <severity>, <objectname>, <objecttype>, <object>, <action>, <dip>, <login>, <hash>, <subject>, <vmid>, <url>, <sname>, <account>, <domainorigin>, <protname>, <parentprocessname>, <status>, <threatname> |
| Catchall | All | <severity> |
Parsed Metadata Fields

| Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| act | Action | Text/String |
| applicationProtocol | ProtName | Text/String |
| cs1 | ThreatName | Text/String |
| cs4 | URL | Text/String |
| duser | Account | Text/String |
| dvc | DIP | IP Address |
| dvchost | Login | Text/String |
| filehash | Hash | Hash |
| filetype | ObjectType | Text/String |
| fname | ObjectName | Text/String |
| msg | Subject | Text/String |
| msg | Object | Text/String |
| severity | Severity | Number |
| sourceDnsDomain | DomainOrigin | Text/String |
| sproc | ParentProcessName | Text/String |
| suser | SName | Text/String |
| version | Version | Number |
| vmid | VMID | Number |

Note that `msg` appears twice: the same key is mapped to Subject for both message types and additionally to Object for Malware Object Messages, which carry an <object> schema field that Riskware Object Messages do not.
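The two tables above, applied as working code: a parser that splits a syslog line carrying a CEF payload into header and extension, then renames the extension keys to the LogRhythm metadata fields and coerces the declared data types (Number, IP Address, Hash), dropping values that fail validation rather than passing them through. This is an added example, not LogRhythm's processing policy or any FireEye code. It assumes the appliance emits CEF over syslog (key names such as `cs1`, `dvchost` and `suser` are CEF extension keys), takes Severity and Version from the CEF header when the extension carries no key of that name, and guesses the log type from the CEF event name, since the page lists the three types but not how the policy tells them apart; the sample line, its hostnames, hash, address and threat name are all constructed.

```python
"""Map a FireEye EX CEF syslog line onto the LogRhythm metadata fields listed above (added example)."""
import ipaddress
import re
from typing import Any, Dict, Optional, Tuple

# CEF extension key -> (LogRhythm metadata field, declared data type), from the page's table.
# The page maps msg to both Subject and Object; Subject is used here for every event type.
FIELD_MAP: Dict[str, Tuple[str, str]] = {
    "act": ("Action", "text"),
    "applicationProtocol": ("ProtName", "text"),
    "cs1": ("ThreatName", "text"),
    "cs4": ("URL", "text"),
    "duser": ("Account", "text"),
    "dvc": ("DIP", "ip"),
    "dvchost": ("Login", "text"),
    "filehash": ("Hash", "hash"),
    "filetype": ("ObjectType", "text"),
    "fname": ("ObjectName", "text"),
    "msg": ("Subject", "text"),
    "severity": ("Severity", "number"),
    "sourceDnsDomain": ("DomainOrigin", "text"),
    "sproc": ("ParentProcessName", "text"),
    "suser": ("SName", "text"),
    "version": ("Version", "number"),
    "vmid": ("VMID", "number"),
}

_HEADER_SPLIT = re.compile(r"(?<!\\)\|")            # pipes not preceded by a backslash
_EXT_KV = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=(.*?)(?=\s[A-Za-z0-9_]+=|$)", re.S)
_HEX = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")  # MD5/SHA1/SHA256

# Constructed sample line (hypothetical hosts, addresses and hash; not a real FireEye EX event).
SAMPLE_LINE = (
    "<14>Jan 12 10:15:22 fireeye-ex CEF:0|FireEye|EX|9.0.3|MO|malware-object|7|"
    "rt=Jan 12 2024 10:15:21 UTC act=notified applicationProtocol=smtp "
    "cs1=Trojan.Generic cs1Label=threatName cs4=http://bad.example/dl?id\\=123 cs4Label=url "
    "duser=alice@corp.example dvc=10.0.0.5 dvchost=fireeye-ex "
    "filehash=D41D8CD98F00B204E9800998ECF8427E filetype=exe fname=invoice.exe "
    "msg=Invoice attached sourceDnsDomain=mail.attacker.example sproc=outlook.exe "
    "suser=billing@attacker.example vmid=42"
)


def _unescape(value: str, in_header: bool) -> str:
    """Undo CEF escaping: '\\' and '|' in header fields; '\\', '=', '\\r', '\\n' in extension values."""
    special = "\\|" if in_header else "\\=rn"
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value) and value[i + 1] in special:
            nxt = value[i + 1]
            out.append("\n" if nxt in "rn" else nxt)
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_cef(line: str) -> Dict[str, Any]:
    """Split a syslog line carrying a CEF payload into its 7 header fields and extension key/values."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in line")
    parts = _HEADER_SPLIT.split(line[idx:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    names = ["cef_version", "vendor", "product", "product_version", "signature_id", "name", "severity"]
    header = {n: _unescape(p, True) for n, p in zip(names, parts[:7])}
    header["cef_version"] = header["cef_version"].split(":", 1)[1]
    extension = {k: _unescape(v, False) for k, v in _EXT_KV.findall(parts[7])}
    return {"header": header, "extension": extension}


def classify(event_name: str) -> str:
    """Assumed discriminator for the page's three log types, keyed on the CEF event name."""
    n = event_name.lower()
    if "riskware" in n:
        return "Riskware Object Message"
    if "malware" in n:
        return "Malware Object Message"
    return "Catchall"


def _coerce(raw: str, kind: str) -> Optional[Any]:
    """Enforce the table's data type; return None instead of a value that does not fit it."""
    raw = raw.strip()
    if kind == "number":
        return int(raw) if raw.lstrip("-").isdigit() else None
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(raw))
        except ValueError:
            return None
    if kind == "hash":
        return raw.lower() if _HEX.match(raw) else None
    return raw


def to_logrhythm(line: str) -> Dict[str, Any]:
    """Apply FIELD_MAP to a parsed line; unmapped keys (rt, cs1Label, ...) are ignored."""
    parsed = parse_cef(line)
    ext = dict(parsed["extension"])
    ext.setdefault("severity", parsed["header"]["severity"])      # assumption: header fallback
    ext.setdefault("version", parsed["header"]["cef_version"])    # assumption: header fallback
    out: Dict[str, Any] = {"LogType": classify(parsed["header"]["name"])}
    for key, raw in ext.items():
        if key in FIELD_MAP:
            lr_field, kind = FIELD_MAP[key]
            out[lr_field] = _coerce(raw, kind)
    return out


if __name__ == "__main__":
    for field, value in to_logrhythm(SAMPLE_LINE).items():
        print(f"{field:18} {value!r}")
```

The `_coerce` step is where the declared types earn their keep: an invalid `dvc` or a non-hex `filehash` yields `None` rather than a string that would later break an IP or hash lookup, and the escaped `\=` inside the URL survives because the extension parser only treats an unescaped `key=` preceded by whitespace as a field boundary.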