Syslog - Lancope StealthWatch CEF
Lancope's StealthWatch System leverages the network as a sensor to deliver context-aware network visibility and security analytics to defend enterprises against advanced cyber threats.
- LogRhythm can leverage StealthWatch's unique ability to identify persistent attacks that have bypassed the perimeter, correlating these events with endpoint visibility and other security events, where available.
- LogRhythm consumption of StealthWatch-detected events provides single-screen visibility into network activities.
- For additional context and triage actions, users can pivot from an alarm event recorded in LogRhythm to the associated information contained within StealthWatch.
Device Details
| Device Name | Syslog - Lancope StealthWatch CEF |
|---|---|
| Vendor | Lancope StealthWatch |
| Device Type | Network Monitor |
| Supported Model Name/Number | Lancope |
| Supported Software Version(s) | StealthWatch 6.6 |
| Collection Method | Syslog CEF |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog CEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |
Prerequisites
- Deployment of application and its credentials.
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Alarm Messages | N/A | <version>, <vmid>, <threatname>, <command>, <severity>, <subject>, <dip>, <sip>, <url>, <login>, <dport>, <protnum>, <dname>, <dmac> |
| Priority B Messages | N/A | <dname>, <severity>, <vmid>, <subject>, <threatname>, <sport>, <dip>, <dmac>, <dname>, <command>, <sname>, <sip>, <smac>, <login>, <object>, <objectname> |
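The schema fields above are populated by parsing CEF records carried over syslog. As an added illustration, not LogRhythm's or Lancope's own parsing rule, the following Python code splits the CEF header and extension according to the format's escaping rules (a pipe in a header field is written `\|`, an equals sign in an extension value is written `\=`) and then projects the result onto tag names from the table. The sample line, the signature ID and name, the function names, and the mapping from standard CEF extension keys (`src`, `dst`, `dpt`, ...) to tag names are all assumptions made for this example; the real mapping used by the LogRhythm rule is not shown on this page.

```python
import re
from typing import Any, Dict, List

# Constructed sample line: shaped like a CEF-over-syslog alarm, not real
# StealthWatch output. Signature ID, name and all values are made up.
SAMPLE_LINE = (
    "<14>Jan 10 12:00:00 smc01 CEF:0|Lancope|StealthWatch|6.6|12|"
    "Suspect Data Hoarding \\| Policy|7|"
    "src=10.0.0.5 dst=10.0.1.20 dpt=445 proto=6 shost=ws01 dhost=files01 "
    "smac=00:11:22:33:44:55 dmac=66:77:88:99:aa:bb suser=alice act=alarm "
    "msg=Host exceeded threshold\\=5 GB request=http://files01.example.test/share"
)

HEADER_NAMES = ("cef_version", "vendor", "product", "version",
                "signature_id", "name", "severity")

# Hypothetical mapping from standard CEF extension keys to the tag names in
# the Supported Schema Fields table. The product's actual rule is not
# reproduced here; this is an illustration only.
CEF_KEY_TO_TAG = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "proto": "protnum", "shost": "sname", "dhost": "dname",
    "smac": "smac", "dmac": "dmac", "suser": "login",
    "request": "url", "act": "command",
}

# A key is a run of key characters followed by '=' at the start of the
# extension or after whitespace; a backslash before '=' is a value, not a key.
_EXT_KEY = re.compile(r"(?:^|\s+)([A-Za-z0-9_.]+)=")


def split_cef_header(body: str) -> List[str]:
    """Split 'CEF:...' into the 7 header fields plus the raw extension.

    Header fields escape '|' as '\\|' and '\\' as '\\\\'; the extension has
    its own escaping and is returned untouched."""
    parts: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body):
        if len(parts) == 7:            # everything after the 7th pipe is the extension
            parts.append(body[i:])
            return parts
        c = body[i]
        if c == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])    # unescape '\|' and '\\'
            i += 2
            continue
        if c == "|":
            parts.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape_ext(raw: str) -> str:
    # Extension values escape '=' as '\=', '\' as '\\' and newlines as '\n' / '\r'.
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  raw)


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value two' where values may contain spaces."""
    fields: Dict[str, str] = {}
    matches = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _unescape_ext(ext[m.end():end])
    return fields


def parse_cef_line(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF record; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    parts = split_cef_header(line[start:])
    if len(parts) != 8:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    header = dict(zip(HEADER_NAMES, parts[:7]))
    header["cef_version"] = header["cef_version"][len("CEF:"):]
    ext = parse_extension(parts[7])
    # Tag view: header-derived tags plus extension keys mapped by the
    # hypothetical table above; unmapped keys stay available under "ext".
    tags = {"version": header["version"], "threatname": header["name"],
            "severity": header["severity"]}
    for key, value in ext.items():
        if key in CEF_KEY_TO_TAG:
            tags[CEF_KEY_TO_TAG[key]] = value
    return {"header": header, "ext": ext, "tags": tags}


if __name__ == "__main__":
    parsed = parse_cef_line(SAMPLE_LINE)
    for tag, value in sorted(parsed["tags"].items()):
        print(f"<{tag}> = {value}")
```

The header splitter unescapes only the seven header fields and hands the extension over raw, because the two parts use different escaping rules; a single `split("|")` would break on the escaped pipe in the alarm name, and a naive `split(" ")` on the extension would lose the spaces inside `msg`. When onboarding a new source, run a captured line through a parser like this and compare the resulting tags with what the log source type actually populates; a mismatch usually points at an escaping or field-order difference in the device's CEF output.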
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.597.0 | * | Base Rule modified | Regular Expression modified to match unidentified logs. |