Device Details

| Vendor | FireEye |
|---|---|
| Device Type | Email Security |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - FireEye EX |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/pf/email/fireeye-ex-series.pdf<br>https://docs.mcafee.com/bundle/enterprise-security-manager-data-sources-configuration-reference-guide/page/GUID-DEE7F31A-23FA-4A89-B641-C2DF422E7748.html<br>https://www.fireeye.com/content/dam/fireeye-www/global/en/partners/pdfs/fireeye-splunk-intro-to-integration.pdf |
Currently Supported Log Types

| Type | Version | Supported Schema Fields |
|---|---|---|
| Riskware Object Message | All | `<version>, <severity>, <objectname>, <objecttype>, <threatname>, <action>, <dip>, <login>, <hash>, <subject>, <vmid>, <url>, <sname>, <account>, <domainorigin>, <protname>` |
| Malware Object Message | All | `<version>, <severity>, <objectname>, <objecttype>, <object>, <action>, <dip>, <login>, <hash>, <subject>, <vmid>, <url>, <sname>, <account>, <domainorigin>, <protname>, <parentprocessname>, <status>, <threatname>` |
| Catchall | All | `<severity>` |
Parsed Metadata Fields

| Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| act | Action | Text/String |
| applicationProtocol | ProtName | Text/String |
| cs1 | ThreatName | Text/String |
| cs4 | URL | Text/String |
| duser | Account | Text/String |
| dvc | DIP | IP Address |
| dvchost | Login | Text/String |
| filehash | Hash | Hash |
| filetype | ObjectType | Text/String |
| fname | ObjectName | Text/String |
| msg | Subject | Text/String |
| msg | Object | Text/String |
| severity | Severity | Number |
| sourceDnsDomain | DomainOrigin | Text/String |
| sproc | ParentProcessName | Text/String |
| suser | SName | Text/String |
| version | Version | Number |
| vmid | VMID | Number |