Device Details

| Vendor | Stealthbits |
|---|---|
| Device Type | File Monitor |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | Version 3 |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog - Stealthbits Activity Monitor |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| File Delete Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Access Rights Changed Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Creation Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Read Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Updated Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Renamed Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <status>, <tag1>, <reason>, <objecttype>, <action>, <subject> |
| Catch All : Level 1 | Version 3 | <severity>, <tag1> |

Parsed Metadata Fields

| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| AttributeName | <objecttype> | Text/String |
| blockedevent | <reason> | Boolean |
| clientaddress | <sip> | IP Address |
| distinguishedname | <objectname> | Text/String |
| domain | <domainorigin> | Text/String |
| modifiedobject | <object> | Text/String |
| N/A | <severity> | Text/String |
| N/A | <process> | Text/String |
| N/A | <vendorinfo> | Text/String |
| NewAttributeValue | <subject> | Text/String |
| OldAttributeValue | <objectname> | Text/String |
| operation | <action> | Text/String |
| perpetrator | <domainorigin>\<login> | Text/String |
| PolicyName | <policy> | Text/String |
| serveraddress | <dip> | IP Address |
| successfulchange | <status> | Boolean |
| successfulchange | <tag1> | Boolean |