Device Details

Device Name: Dragos Platform CEF
Vendor: Dragos
Device Type: Dragos
Supported Model Name/Number: N/A
Supported Software Version(s): v1.6
Collection Method: Common Event Format (CEF)
Configurable Log Output?: Yes
Log Source Type: Syslog - Dragos Platform CEF
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information: https://www.dragos.com/platform

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type: Catch All : Level 1 (Dragos Platform CEF)
  Product Version: v1.6
  Supported Schema Fields: <severity>

Type: Catch All : Level 2 (Dragos Platform CEF)
  Product Version: v1.6
  Supported Schema Fields: <severity>, <objecttype>

Type: Dragos Alerts
  Product Version: v1.6
  Supported Schema Fields: <version>, <vmid>, <severity>, <vendorinfo>, <dip>, <dname>, <dmac>, <sip>, <sname>, <smac>, <session>, <tag1>, <objecttype>, <object>

Revision History

KB Version: KB 7.1.573.2
  Log Type: Syslog - Dragos Platform CEF
  Change Type: New Log Source Type
  Details: New Device Support for Syslog - Dragos Platform CEF.

KB Version: KB 7.1.575.1
  Log Type: Syslog - Dragos Platform CEF
  Change Type: New Base Rules, Sub Rule tagging
  Details:
    • Updated Dragos Alerts Base Rule regex to enable tagging for <objecttype> in Sub Rules.
    • Added Base Rules Catch All : Level 1 and Catch All : Level 2

KB Version: KB 7.1.576.0
  Log Type: Syslog - Dragos Platform CEF
  Change Type: Sub Rule processing settings update
  Details: Updated mapping for the <tag1> field to match the Configuration, Indicator, Modeling, Threat Behavior, or Unassigned value as applicable.