Lancope's StealthWatch System leverages the network as a sensor to deliver context-aware network visibility and security analytics to defend enterprises against advanced cyber threats.

- LogRhythm can leverage StealthWatch's unique ability to identify persistent attacks that have bypassed the perimeter, correlating these events with endpoint visibility and other security events, where available.
- LogRhythm consumption of StealthWatch-detected events provides single-screen visibility into network activities.
- For additional context and triage actions, users can pivot from an alarm event recorded in LogRhythm to the associated information contained within StealthWatch.
Device Details

| Device Name | Syslog - Lancope StealthWatch CEF |
|---|---|
| Vendor | Lancope StealthWatch |
| Device Type | Network Monitor |
| Supported Model Name/Number | Lancope |
| Supported Software Version(s) | StealthWatch 6.6 |
| Collection Method | Syslog CEF |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog CEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |
Prerequisites

- Deployment of the application and its credentials.
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Alarm Messages | N/A | <version>, <vmid>, <threatname>, <command>, <severity>, <subject>, <dip>, <sip>, <url>, <login>, <dport>, <protnum>, <dname>, <dmac> |
| Priority B Messages | N/A | <dname>, <severity>, <vmid>, <subject>, <threatname>, <sport>, <dip>, <dmac>, <dname>, <command>, <sname>, <sip>, <smac>, <login>, <object>, <objectname> |
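The table above lists the schema tags LogRhythm populates from StealthWatch CEF messages but does not show how a CEF-over-syslog line is taken apart. The following parser is an added example, not LogRhythm's base rule or Lancope's code: it splits the CEF header on unescaped pipes, walks the extension on unescaped `key=` boundaries, undoes CEF escaping (`\|`, `\=`, `\\`), and maps the result onto the tag names from the table. The sample line is constructed for illustration, and the mapping from CEF extension keys (src, dst, spt, dpt, ...) to LogRhythm tags is an assumption to be adjusted against the actual base rule.

```python
import re
from typing import Dict, Tuple

# Constructed sample of a CEF-over-syslog line in the shape this page describes
# (CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension).
# All values are invented; the pipe in the Name field and the "=" in msg are
# deliberately escaped to exercise the unescaping logic.
SAMPLE_ALARM = (
    "<13>Mar 12 10:15:01 sw-flowcollector CEF:0|Lancope|StealthWatch|6.6|"
    "1024|Suspect Data Hoarding \\| Exfil|8|"
    "src=10.1.2.3 dst=203.0.113.7 spt=51234 dpt=443 proto=6 "
    "shost=ws-042 dhost=ext-host dmac=00:11:22:33:44:55 suser=jdoe "
    "act=alarm msg=Total bytes\\=2.5M exceeds baseline "
    "request=https://203.0.113.7/upload"
)

# Header positions, named with the LogRhythm tags they are assumed to feed.
HEADER_FIELDS = ("cef_version", "vendor", "product", "version", "vmid",
                 "threatname", "severity")

# Assumed mapping from standard CEF extension keys to the LogRhythm schema
# tags listed in the Supported Log Messages table; not taken from the base rule.
EXT_TO_TAG = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "proto": "protnum", "shost": "sname", "dhost": "dname",
    "smac": "smac", "dmac": "dmac", "suser": "login", "act": "command",
    "msg": "subject", "request": "url",
}

_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# A key starts the extension or follows whitespace and is followed by "=".
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


def _unescape(text: str, extension: bool) -> str:
    """Undo CEF escaping: '\\|' in the header, '\\=' (and \\n, \\r) in extension values, '\\\\' in both."""
    specials = "\\=nr" if extension else "\\|"
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in specials:
            nxt = text[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_cef(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split a syslog line carrying CEF into (header fields, extension fields)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    parts = _UNESCAPED_PIPE.split(line[start + len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 pipe-separated fields plus extension")
    header = {name: _unescape(val, False)
              for name, val in zip(HEADER_FIELDS, parts[:7])}
    ext_text = parts[7]
    keys = list(_EXT_KEY.finditer(ext_text))
    extension: Dict[str, str] = {}
    for idx, match in enumerate(keys):
        # A value runs from after "key=" up to the next unescaped key boundary.
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext_text)
        extension[match.group(1)] = _unescape(ext_text[match.end():end].strip(), True)
    return header, extension


def to_lr_fields(line: str) -> Dict[str, str]:
    """Produce a dictionary keyed by the LogRhythm tag names for one CEF line."""
    header, ext = parse_cef(line)
    fields = {k: header[k] for k in ("version", "vmid", "threatname", "severity")}
    for cef_key, tag in EXT_TO_TAG.items():
        if cef_key in ext:
            fields[tag] = ext[cef_key]
    return fields


if __name__ == "__main__":
    for tag, value in to_lr_fields(SAMPLE_ALARM).items():
        print(f"<{tag}> = {value}")
```

The escape handling is the part worth checking when a base rule "fails to match unidentified logs": a pipe inside the alarm name, or an `=` inside the message text, is legal CEF only when escaped, and a regex that splits naively on `|` or `=` will shift every later field by one.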
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.597.0 | * | Base Rule modified | Regular Expression modified to match unidentified logs. |