Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX, and other types of transaction data, Lancope's StealthWatch® System quickly detects a wide range of attacks, from APTs and DDoS to zero-day malware and insider threats.

Lancope's market-leading StealthWatch System leverages the network as a sensor to deliver context-aware network visibility and security analytics to defend enterprises against advanced cyber threats.

  • LogRhythm can leverage StealthWatch's unique ability to identify persistent attacks that have bypassed the perimeter, correlating these events with endpoint visibility and other security events, where available.
  • LogRhythm consumption of StealthWatch-detected events provides single-screen visibility into network activities.
  • For additional context and triage actions, users can pivot from an alarm event recorded in LogRhythm to the associated information contained within StealthWatch.

Device Details

Device Name: Syslog - Lancope StealthWatch CEF / Lancope StealthWatch
Device Type: Network Monitor
Supported Model Name/Number:
Supported Software Version(s): StealthWatch 6.6
Collection Method: Syslog CEF
Configurable Log Output?:
Log Source Type: Syslog CEF
Log Processing Policy: LogRhythm Default

Additional Information

  • Deployment of application and its credentials.

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Product Version | Supported Schema Fields
Alarm Messages | <version>, <vmid>, <threatname>, <command>, <severity>, <subject>, <dip>, <sip>, <url>, <login>, <dport>, <protnum>, <dname>, <dmac>
Priority B Messages | <dname>, <severity>, <vmid>, <subject>, <threatname>, <sport>, <dip>, <dmac>, <dname>, <command>, <sname>, <sip>, <smac>, <login>, <object>, <objectname>
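As an added illustration (not LogRhythm's or Lancope's own code), the Python below parses a constructed CEF syslog line of the kind the Syslog CEF collection method ingests into the tag names listed above, and returns None for a line that is not well-formed CEF, i.e. a log the CEF base rule would leave unidentified. The CEF-key-to-tag mapping, the header-to-tag assignment and the sample line are assumptions; the actual StealthWatch CEF layout is not shown on this page.

```python
import re

# Assumed mapping from standard CEF extension keys to the LR tags listed on
# this page; StealthWatch's actual key usage is not shown here.
CEF_KEY_TO_TAG = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "proto": "protnum", "suser": "login", "shost": "sname", "dhost": "dname",
    "smac": "smac", "dmac": "dmac", "request": "url", "msg": "subject",
}
# CEF header order: Version|Vendor|Product|Device Version|Signature ID|Name|Severity.
# Treating Signature ID as <vmid> and Name as <threatname> is an assumption.
HEADER_TAGS = ("version", "vendor", "product", "device_version",
               "vmid", "threatname", "severity")

# One extension pair: key=value; the value may hold spaces and \= or \\ escapes.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|$)")

def split_cef_header(body):
    """Split the 7 pipe-delimited header fields, honouring \\| and \\\\ escapes.
    Returns (fields, remainder) where remainder is the extension string."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # escaped char: keep it literally
            cur.append(body[i + 1]); i += 2
        elif ch == "|":                            # field delimiter
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    return fields, body[i:]

def parse_cef(syslog_line):
    """Map one syslog line to LR tags; return None when it is not well-formed
    CEF, i.e. a log the CEF rule would leave unidentified."""
    idx = syslog_line.find("CEF:")
    if idx < 0:
        return None
    header, ext = split_cef_header(syslog_line[idx + 4:])
    if len(header) != 7:
        return None
    tags = dict(zip(HEADER_TAGS, header))
    for key, val in EXT_RE.findall(ext):
        tags[CEF_KEY_TO_TAG.get(key, key)] = val.replace("\\=", "=").replace("\\\\", "\\")
    return tags

# Constructed sample line (not captured from a real StealthWatch appliance).
SAMPLE_LINE = ("<13>Jan  5 10:00:00 smc CEF:0|Lancope|StealthWatch|6.6|14|"
               "Suspect Data Loss|8|src=10.1.2.3 dst=192.0.2.7 spt=51234 dpt=443 "
               "proto=6 suser=jdoe msg=Policy\\= High dmac=00:11:22:33:44:55")
```

Calling parse_cef(SAMPLE_LINE) yields a dict keyed by the page's tag names (sip, dip, dport, protnum, login, subject, dmac, severity, threatname, vmid, version and so on); feeding it a non-CEF syslog line yields None.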

Revision History

KB Version | Log Type | Change Type
KB 7.1.597.0 | *Base Rule modified | Regular Expression modified to match unidentified logs.