Device Details
|
Vendor |
Symantec |
|---|---|
|
Device Type |
Symantec Endpoint Server |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version(s) |
All |
|
Collection Method |
Syslog |
|
Configurable Log Output? |
Yes |
|
Log Source Type |
Syslog - Symantec Endpoint Server |
|
Log Processing Policy |
LogRhythm Default v2.0 |
|
Exceptions |
N/A |
|
Additional Information |
N/A |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
V 2.0 : Catch All : SEPM System Events |
All |
<severity>, <tag1>, <dname>, <subject>, <tag2> |
|
V 2.0 : General SEP LiveUpdate Information |
All |
<dname>, <subject>, <tag1> |
|
V 2.0 : Inbound SEP Host Packet Events |
All |
<dname>, <dip>, <dport>, <sip>, <sname>, <sport>, <process>, <action>, <tag1> |
|
V 2.0 : Inbound SEP Host Traffic Events |
All |
<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <tag1>, <hash>, <domainimpacted> |
|
V 2.0 : Inbound SEP Malcious Activity Detected |
All |
<sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <smac>, <dmac>, <protname>, <account>, <domainimpacted>, <subject>, <threatname>, <threatid>, <hash>, <url>, <quantity>, <tag2>, <tag1> |
|
V 2.0 : Outbound SEP Host Packet Events |
All |
<sname>, <sip>, <dip>, <sport>, <dname>, <dport>, <process>, <action> |
|
V 2.0 : Outbound SEP Host Traffic Events |
All |
<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash> |
|
V 2.0 : Outbound SEP Malcious Activity Detected |
All |
<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash>, <subject>, <sport>, <threatid>, <tag2>, <threatname> |
|
V 2.0 : SEP Administrative Events |
All |
<severity>, <dname>, <login>, <subject>, <tag1> |
|
V 2.0 : SEP General Agent Activity Messages |
All |
<dname>, <subject>, <sname>, <login>, <domainorigin> |
|
V 2.0 : SEP General Agent System Messages |
All |
<severity>, <dname>, <subject>, <tag1>, <tag2> |
|
V 2.0 : SEP General Object Access Message |
All |
<sname>, <sip>, <action>, <tag1>, <subject>, <command>, <tag2>, <policy>, <processid>, <process>, <object>, <login>, <domainorigin>, <size>, <objecttype> |
|
V 2.0 : SEP General Suspicious Activity Detected |
All |
<dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
|
V 2.0 : SEP Logs Purged |
All |
<dname>, <object>, <subject>, <quantity>, <tag1> |
|
V 2.0 : SEP Malware Scan Information |
All |
<dip>, <dname>, <domainimpacted>, <command>, <result>, <status>, <duration>, <tag1>, <subject>, <quantity>, <objecttype> |
|
V 2.0 : SEP Policy Information |
All |
<dname>, <login>, <subject>, <tag1>, <policy> |
|
V 2.0 : SEP SONAR General Susp. Activity Detected |
All |
<severity>, <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
|
V 2.0 : SEP Update Information |
All |
<sname>, <object>, <subject>, <tag1> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.621.0 |
N/A |
N/A |
Log Source Optimization changes |