Syslog - Stealthbits Activity Monitor
Device Details
| Property | Value |
|---|---|
| Vendor | Stealthbits |
| Device Type | File Monitor |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | Version 3 |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog - Stealthbits Activity Monitor |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| File Delete Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Access Rights Changed Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Creation Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Read Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Updated Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <objecttype>, <status>, <tag1>, <reason>, <action> |
| File Renamed Activity Logs | Version 3 | <severity>, <process>, <vendorinfo>, <policy>, <domainorigin>, <dip>, <login>, <sip>, <object>, <objectname>, <status>, <tag1>, <reason>, <objecttype>, <action>, <subject> |
| Catch All : Level 1 | Version 3 | <severity>, <tag1> |
Parsed Metadata Fields
| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| AttributeName | <objecttype> | Text/String |
| blockedevent | <reason> | Boolean |
| clientaddress | <sip> | IP Address |
| distinguishedname | <objectname> | Text/String |
| domain | <domainorigin> | Text/String |
| modifiedobject | <object> | Text/String |
| N/A | <severity> | Text/String |
| N/A | <process> | Text/String |
| N/A | <vendorinfo> | Text/String |
| NewAttributeValue | <subject> | Text/String |
| OldAttributeValue | <objectname> | Text/String |
| operation | <action> | Text/String |
| perpetrator | <domainorigin>\<login> | Text/String |
| PolicyName | <policy> | Text/String |
| serveraddress | <dip> | IP Address |
| successfulchange | <status> | Boolean |
| successfulchange | <tag1> | Boolean |
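The mapping table above applied in code, as an added example that is not part of this LogRhythm page nor Stealthbits' or LogRhythm's own parser. It assumes (the page does not say) that the syslog payload is a flat run of key=value pairs with double-quoted values, that <severity> for this source comes from the RFC 3164 <PRI> header since the table lists no device field for it, and the two sample lines are constructed. It splits perpetrator into <domainorigin> and <login>, copies successfulchange into both <status> and <tag1>, coerces the two Boolean fields, and reports where the table lets two device fields land in the same metadata field (distinguishedname and OldAttributeValue both map to <objectname>; domain and perpetrator both feed <domainorigin>), which is the case to check before writing detection rules on <objectname> for rename events.

```python
"""Map Stealthbits Activity Monitor syslog fields to LogRhythm metadata names.

Added example. Assumptions not taken from the page: the syslog payload is a
flat run of key=value pairs with double-quoted values, <severity> is derived
from the RFC 3164 <PRI> header, and the sample lines below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Device field -> LogRhythm metadata field, as listed in the mapping table.
# Keys are lower-cased because the table mixes case (AttributeName, operation).
FIELD_MAP = {
    "attributename": "objecttype",
    "blockedevent": "reason",
    "clientaddress": "sip",
    "distinguishedname": "objectname",
    "domain": "domainorigin",
    "modifiedobject": "object",
    "newattributevalue": "subject",
    "oldattributevalue": "objectname",
    "operation": "action",
    "policyname": "policy",
    "serveraddress": "dip",
    "successfulchange": "status",  # the table also copies this into <tag1>
}
BOOLEAN_FIELDS = {"blockedevent", "successfulchange"}

# RFC 5424 severity names, indexed by (PRI & 7).
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(text: str) -> List[Tuple[str, str]]:
    """Return (key, value) pairs in line order; header tokens without '=' are skipped."""
    pairs = []
    for m in KV_RE.finditer(text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        pairs.append((m.group(1), value))
    return pairs


def to_bool(value: str) -> bool:
    return value.strip().lower() in ("true", "1", "yes")


def map_event(line: str) -> Tuple[Dict[str, object], List[Tuple[str, object, object]]]:
    """Translate one syslog line into LogRhythm metadata.

    Returns (meta, collisions). collisions records metadata fields that two
    device fields set to different values (last writer wins), which the table
    makes possible: distinguishedname and OldAttributeValue both land in
    <objectname>, and domain and perpetrator both feed <domainorigin>.
    """
    meta: Dict[str, object] = {}
    collisions: List[Tuple[str, object, object]] = []

    def put(field: str, value: object) -> None:
        if field in meta and meta[field] != value:
            collisions.append((field, meta[field], value))
        meta[field] = value

    pri = PRI_RE.match(line)
    if pri:
        meta["severity"] = SEVERITY_NAMES[int(pri.group(1)) & 7]

    for key, value in parse_kv(line):
        k = key.lower()
        if k == "perpetrator":
            # The table maps perpetrator to <domainorigin>\<login>: split on the last backslash.
            domain, _, login = value.rpartition("\\")
            put("login", login)
            if domain:
                put("domainorigin", domain)
        elif k in FIELD_MAP:
            v: object = to_bool(value) if k in BOOLEAN_FIELDS else value
            put(FIELD_MAP[k], v)
            if k == "successfulchange":
                put("tag1", v)
        # Keys outside the table are not parsed by the policy and are dropped.
    return meta, collisions


# Constructed sample lines (not real Stealthbits output).
SAMPLE_DELETE = (
    '<13>Mar 04 10:22:41 fs01 StealthAM: operation="Delete" perpetrator="CORP\\jdoe" '
    'clientaddress="10.1.2.3" serveraddress="10.1.2.10" domain="CORP" '
    'PolicyName="File Delete Watch" modifiedobject="\\\\fs01\\share\\report.docx" '
    'AttributeName="File" successfulchange="True" blockedevent="False"'
)
SAMPLE_RENAME = (
    '<13>Mar 04 10:23:05 fs01 StealthAM: operation="Rename" perpetrator="CORP\\svc-backup" '
    'clientaddress="10.1.2.4" serveraddress="10.1.2.10" '
    'distinguishedname="\\\\fs01\\share\\old.txt" OldAttributeValue="old.txt" '
    'NewAttributeValue="new.txt" successfulchange="True"'
)

if __name__ == "__main__":
    for sample in (SAMPLE_DELETE, SAMPLE_RENAME):
        meta, collisions = map_event(sample)
        print(meta)
        for field, kept, overwriting in collisions:
            print(f"  collision on <{field}>: {kept!r} overwritten by {overwriting!r}")
```

Running the block prints the metadata for both samples; the rename line reports that the UNC path from distinguishedname was overwritten in <objectname> by OldAttributeValue, so a rule that expects a full path in <objectname> for File Renamed events should be validated against real output from the monitor before it is trusted.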