Device Details
| Vendor | Symantec |
|---|---|
| Device Type | Endpoint Security |
| Supported Model Name/Number | Symantec Advanced Threat Protection (ATP) CEF |
| Supported Software Version(s) | 3.2, 4.0, 4.1 |
| Collection Method | Syslog |
| Configurable Log Output? | No |
| Log Source Type | Syslog – Symantec Advanced Threat Protection (ATP) CEF |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.symantec.com/products/advanced-threat-protection |

Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Symantec ATP Message | 3.2, 4.0, 4.1 | <process>, <version>, <vmid>, <threatname>, <threatid>, <policy>, <subject>, <sip>, <sname>, <dip>, <dport>, <object>, <login> |
| No Route SubCls:018 | 3.2 | <process>, <version>, <vmid>, <threatname>, <threatid> |

Parsed Metadata Fields
| Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Data_source_URL | <object> | Text/String |
| Device Product | <process> | Text/String |
| ExternalIP | <dip> | IP Address |
| Externalport | <dport> | Numeric |
| InternalHost | <sname> | Text/String |
| InternalIP | <sip> | IP Address |
| Message | <subject> | Text/String |
| Msg | <subject> | Text/String |
| Name | <threatname> | Text/String |
| Rule_name | <policy> | Text/String |
| Severity | <threatid> | Numeric |
| Signature ID | <vmid> | Numeric |
| User_name | <login> | Text/String |
| Version | <version> | Numeric |