Device Details

Device Name: Dragos Platform CEF
Vendor: Dragos
Device Type: Dragos
Supported Model Name/Number: N/A
Supported Software Version(s): v1.6
Collection Method: Common Event Format (CEF)
Configurable Log Output?: Yes
Log Source Type: Syslog - Dragos Platform CEF
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information: https://www.dragos.com/platform

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type: Catch All : Level 1 (Dragos Platform CEF)
Product Version: v1.6
Supported Schema Fields: <severity>

Type: Catch All : Level 2 (Dragos Platform CEF)
Product Version: v1.6
Supported Schema Fields: <severity>, <objecttype>

Type: Dragos Alerts
Product Version: v1.6
Supported Schema Fields: <version>, <vmid>, <severity>, <vendorinfo>, <dip>, <dname>, <dmac>, <sip>, <sname>, <smac>, <session>, <tag1>, <objecttype>, <object>

Type: Dragos Events
Product Version: v1.6
Supported Schema Fields: <version>, <vmid>, <severity>, <vendorinfo>, <dname>, <dip>, <dmac>, <domainimpacted>, <sip>, <sname>, <smac>, <domainorigin>, <threatid>, <objecttype>, <tag1>, <object>, <threatname>

Revision History

KB Version: KB 7.1.573.2
Log Type: Syslog - Dragos Platform CEF
Change Type: New Log Source Type
Details: New Device Support for Syslog - Dragos Platform CEF.

KB Version: KB 7.1.575.1
Log Type: Syslog - Dragos Platform CEF
Change Type: New Base Rules, Sub Rule tagging
Details:
  • Updated Dragos Alerts Base Rule regex to enable tagging for <objecttype> in Sub Rules.
  • Added Base Rules Catch All : Level 1 and Catch All : Level 2.

KB Version: KB 7.1.576.0
Log Type: Syslog - Dragos Platform CEF
Change Type: Sub Rule processing settings update
Details: Updated mapping for the <tag1> field to match the Configuration, Indicator, Modeling, Threat Behavior, or Unassigned value as applicable.

KB Version: KB 7.1.626.0
Log Type: Syslog - Dragos Platform CEF
Change Type: New Base Rule created
Details: Added Base Rule Dragos Events.