Lancope's StealthWatch System leverages the network as a sensor to deliver context-aware network visibility and security analytics to defend enterprises against advanced cyber threats.
- LogRhythm can ingest the alarms StealthWatch raises on persistent attacks that have bypassed the perimeter and correlate them with endpoint visibility and other security events, where available.
- Ingesting StealthWatch-detected events into LogRhythm provides single-screen visibility into network activity.
- For additional context and triage actions, users can pivot from an alarm event recorded in LogRhythm to the associated information contained within StealthWatch.
|Device Name||Syslog - Lancope StealthWatch CEF|
Supported Model Name/Number
Supported Software Version(s)
Configurable Log Output?
Log Source Type
Log Processing Policy
- Deployment of application and its credentials.
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
Supported Schema Fields
<version>, <vmid>, <threatname>, <command>, <severity>, <subject>, <dip>, <sip>, <url>, <login>, <dport>, <protnum>, <dname>, <dmac>
Priority B Messages
<dname>, <severity>, <vmid>, <subject>, <threatname>, <sport>, <dip>, <dmac>, <command>, <sname>, <sip>, <smac>, <login>, <object>, <objectname>
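As an added worked example, not LogRhythm's log processing policy or Lancope's code, the following Python parser takes a CEF syslog line, splits the pipe-delimited header and the key=value extension the way a CEF rule must, and emits one entry per LogRhythm schema tag from the lists above. It then reports which tags expected for a message type were not populated, which is the check to run before treating a log as "unidentified" and widening the regular expression. The sample line is constructed (vendor, product and version strings are placeholders), and the mapping from standard CEF extension keys (src, dst, dpt, suser, ...) to LogRhythm tags is an assumption: this page does not list which extension keys StealthWatch emits.

```python
import re
from typing import Dict, List, Tuple

# Example added to this page; not LogRhythm's parser and not Lancope software.

# The seven pipe-delimited CEF header fields that follow the "CEF:" prefix.
CEF_HEADER = ("cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

# Header fields that carry LogRhythm tags. Signature ID is the vendor message
# id (<vmid>); mapping Device Version to <version> is an assumption.
HEADER_TO_TAG = {"signature_id": "vmid", "name": "threatname",
                 "severity": "severity", "device_version": "version"}

# ASSUMED mapping from standard CEF extension keys to the schema tags listed on
# this page. The page does not say which keys StealthWatch actually emits.
EXT_TO_TAG = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "proto": "protnum", "suser": "login", "shost": "sname", "dhost": "dname",
    "smac": "smac", "dmac": "dmac", "request": "url", "msg": "subject",
}

# Tags the page lists for the first message type; used as the completeness check.
EXPECTED_TAGS = ("version", "vmid", "threatname", "command", "severity",
                 "subject", "dip", "sip", "url", "login", "dport", "protnum",
                 "dname", "dmac")

# A value runs until the next " key=" or the end of the line, so values with
# spaces survive. "\=" and "\\" are CEF escapes and are kept intact here.
_EXT_RE = re.compile(r'(\S+?)=((?:\\.|[^\\])*?)(?=\s+\S+?=|\s*$)')

# Constructed sample line, not a captured StealthWatch event. It exercises an
# escaped pipe in the header and escaped "=" and "\" in the extension.
SAMPLE = ("CEF:0|Lancope|StealthWatch|6.9.1|42|Suspect Data Hoarding \\| Exfil|7|"
          "src=10.1.20.15 dst=10.1.50.200 spt=51514 dpt=445 proto=6 "
          "suser=CORP\\\\jdoe shost=ws-015 dhost=fileserver01 "
          "dmac=00:11:22:33:44:55 request=http://10.1.50.200/share?id\\=7 "
          "msg=Host exceeded hoarding threshold")


def _split_header(line: str) -> Tuple[List[str], str]:
    """Split off the 7 header fields; '\\|' inside a header field is a literal pipe."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):      # escaped char: keep it literally
            buf.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, line[i:]                        # remainder is the extension


def _unescape(value: str) -> str:
    """Undo the CEF extension escapes for '=', '|' and '\\'."""
    return re.sub(r"\\([=|\\])", r"\1", value)


def parse_cef(line: str) -> Dict[str, str]:
    """Return {schema_tag: value} for one CEF syslog line.

    A leading syslog header (PRI, timestamp, host) is tolerated: parsing starts
    at 'CEF:'. Extension keys without a tag mapping are kept as 'cef.<key>' so
    unidentified fields stay visible instead of being dropped silently.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF message")
    header, extension = _split_header(line[start:])
    record = dict(zip(CEF_HEADER, header))
    record["cef_version"] = record["cef_version"][len("CEF:"):]
    tagged = {tag: record[field] for field, tag in HEADER_TO_TAG.items() if record[field]}
    for match in _EXT_RE.finditer(extension):
        key, value = match.group(1), _unescape(match.group(2))
        tagged[EXT_TO_TAG.get(key, "cef." + key)] = value
    return tagged


def missing_tags(record: Dict[str, str], expected=EXPECTED_TAGS) -> List[str]:
    """Tags the page lists for this message type that the parse did not populate."""
    return [tag for tag in expected if tag not in record]


if __name__ == "__main__":
    rec = parse_cef(SAMPLE)
    for tag in sorted(rec):
        print(f"<{tag}> = {rec[tag]}")
    print("missing:", missing_tags(rec))
```

Run against a day of real StealthWatch CEF output, a non-empty `missing_tags` result (here `command`, because the constructed sample carries no field mapped to it) is what tells you whether the rule's tag list or the vendor's key set is the thing that changed.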
|*||Base Rule modified|
Regular Expression modified to match unidentified logs.