Syslog - Symantec Advanced Threat Protection (ATP) CEF

Device Details

Vendor | Symantec |
---|---|
Device Type | Endpoint Security |
Supported Model Name/Number | Symantec Advanced Threat Protection (ATP) CEF |
Supported Software Version(s) | 3.2, 4.0, 4.1 |
Collection Method | Syslog |
Configurable Log Output? | No |
Log Source Type | Syslog – Symantec Advanced Threat Protection (ATP) CEF |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://www.symantec.com/products/advanced-threat-protection |

Currently Supported Log Types

Type | Product Version | Supported Schema Fields |
---|---|---|
Symantec ATP Message | 3.2, 4.0, 4.1 | <process>, <version>, <vmid>, <threatname>, <threatid>, <policy>, <subject>, <sip>, <sname>, <dip>, <dport>, <object>, <login>, <subject> |
No Route SubCls:018 | 3.2 | <process>, <version>, <vmid>, <threatname>, <threatid> |

Parsed Metadata Fields

Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
Data_source_URL | <object> | Text/String |
Device Product | <process> | Text/String |
Externalip | <dip> | IP Address |
Externalport | <dport> | Numeric |
InternalHost | <sname> | Text/String |
InternalIP | <sip> | IP Address |
Message | <subject> | Text/String |
Msg | <subject> | Text/String |
Name | <threatname> | Text/String |
Rule_name | <policy> | Text/String |
Severity | <threatid> | Numeric |
Signature ID | <vmid> | Numeric |
User_name | <login> | Text/String |
Version | <version> | Numeric |
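As an added example (not LogRhythm's or Symantec's own parser), the following Python applies the field mapping from the tables above to a constructed ATP CEF syslog line and returns the resulting LogRhythm metadata fields. The placement of Device Product, Version, Signature ID, Name and Severity in the CEF header, and every sample value, are assumptions of this example.

```python
import re

# CEF field -> LogRhythm metadata field, as listed in the "Parsed Metadata Fields" table.
FIELD_MAP = {
    "Data_source_URL": "object", "Device Product": "process", "Externalip": "dip",
    "Externalport": "dport", "InternalHost": "sname", "InternalIP": "sip",
    "Message": "subject", "Msg": "subject", "Name": "threatname", "Rule_name": "policy",
    "Severity": "threatid", "Signature ID": "vmid", "User_name": "login", "Version": "version",
}
NUMERIC = {"dport", "threatid", "vmid", "version"}  # rows typed "Numeric" in the table
# Standard CEF header order after "CEF:<version>"; an assumption of this example, not from the page.
HEADER = ["Device Vendor", "Device Product", "Version", "Signature ID", "Name", "Severity"]

def _cast(field, value):
    """Apply the table's data type; a non-numeric value in a numeric field is kept as text."""
    if field not in NUMERIC:
        return value
    for conv in (int, float):
        try:
            return conv(value)
        except ValueError:
            pass
    return value

def parse_atp_cef(line):
    """Parse one syslog line carrying a CEF record and return LogRhythm metadata fields."""
    body = line.strip().split("CEF:", 1)[1]
    parts = re.split(r"(?<!\\)\|", body, maxsplit=7)  # '\|' inside a field is an escaped pipe
    fields = dict(zip(HEADER, (p.replace(r"\|", "|") for p in parts[1:7])))
    extension = parts[7] if len(parts) > 7 else ""
    # Extension values may contain spaces; a value ends where the next "key=" begins.
    for key, value in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", extension):
        fields[key] = value.replace(r"\=", "=").replace("\\\\", "\\")
    out = {}
    for cef_key, value in fields.items():
        if cef_key in FIELD_MAP:
            out[FIELD_MAP[cef_key]] = _cast(FIELD_MAP[cef_key], value)
    return out

# Constructed sample line (not a real ATP event); hostname, IPs, URL and threat name are placeholders.
SAMPLE = (r"<14>Nov 11 10:00:00 atp-appliance CEF:0|Symantec|ATP|4.1|1007|Trojan.Example|7|"
          r"Data_source_URL=http://example.invalid/payload.bin InternalIP=10.0.0.5 "
          r"InternalHost=WS-01 Externalip=203.0.113.9 Externalport=443 "
          r"User_name=CORP\\alice Rule_name=Block suspicious download Msg=File blocked by policy")

if __name__ == "__main__":
    for name, value in sorted(parse_atp_cef(SAMPLE).items()):
        print(f"<{name}> = {value!r}")
```

Fields not in the table (here Device Vendor) are dropped, and both Message and Msg land in <subject>, matching the two rows of the table.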