Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today's top threats. By collecting and analyzing NetFlow, IPFIX, and other types of transaction data, Lancope's StealthWatch® System quickly detects a wide range of attacks, from APTs and DDoS to zero-day malware and insider threats.

Lancope's market-leading StealthWatch System leverages the network as a sensor to deliver context-aware network visibility and security analytics to defend enterprises against advanced cyber threats.

  • LogRhythm can leverage StealthWatch's unique ability to identify persistent attacks that have bypassed the perimeter, correlating these events with endpoint visibility and other security events, where available.
  • LogRhythm consumption of StealthWatch-detected events provides single-screen visibility into network activities.
  • For additional context and triage actions, users can pivot from an alarm event recorded in LogRhythm to the associated information contained within StealthWatch.

Device Details

  Device Name                     Syslog - Lancope StealthWatch CEF
  Vendor                          Lancope StealthWatch
  Device Type                     Network Monitor
  Supported Model Name/Number     Lancope
  Supported Software Version(s)   StealthWatch 6.6
  Collection Method               Syslog CEF
  Configurable Log Output?        N/A
  Log Source Type                 Syslog CEF
  Log Processing Policy           LogRhythm Default
  Exceptions                      N/A
  Additional Information          N/A

Prerequisites

  • Deployment of the application and its credentials.

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

  Type                  Product Version   Supported Schema Fields
  Alarm Messages        N/A               <version>, <vmid>, <threatname>, <command>, <severity>, <subject>, <dip>, <sip>, <url>, <login>, <dport>, <protnum>, <dname>, <dmac>
  Priority B Messages   N/A               <dname>, <severity>, <vmid>, <subject>, <threatname>, <sport>, <dip>, <dmac>, <dname>, <command>, <sname>, <sip>, <smac>, <login>, <object>, <objectname>
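The collection method for this log source is Syslog CEF, and the schema fields above are the tags the LogRhythm parser fills from each message. As an added example (not LogRhythm's parser and not StealthWatch's real output), the following Python extracts the CEF record from a syslog line, splits the seven pipe-delimited header fields while honouring the backslash escapes CEF defines for `|` in the header and `=` in extension values, and maps standard CEF extension keys onto the tag names listed on this page. The sample line, the signature ID and the CEF-key-to-tag mapping are constructed assumptions; the page does not state which extension keys StealthWatch actually emits.

```python
"""Parse a CEF syslog record and map its fields onto LogRhythm-style tags.

Added example: not LogRhythm's or Lancope's code. The sample message and the
CEF_TO_LR_TAG mapping are constructed assumptions for illustration.
"""
import re

# CEF header layout (ArcSight CEF specification):
#   CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
# Inside header fields a literal "|" is escaped as "\|" and "\" as "\\".
HEADER_FIELDS = ("cef_version", "vendor", "product", "version",
                 "signature_id", "name", "severity")

# Assumed mapping from standard CEF extension keys to the LR tags listed on this page.
CEF_TO_LR_TAG = {
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "proto": "protnum", "shost": "sname", "dhost": "dname",
    "smac": "smac", "dmac": "dmac", "suser": "login", "request": "url",
}

# An extension key is a run of key characters that starts the string or follows
# whitespace and is immediately followed by "=" (an escaped "\=" never qualifies).
EXT_KEY = re.compile(r'(?:^|\s)([A-Za-z0-9_.\-\[\]]+)=')


def extract_cef(syslog_line):
    """Drop the syslog priority/timestamp/host prefix and return the CEF part."""
    idx = syslog_line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF record in line")
    return syslog_line[idx:]


def split_header(cef):
    """Split the seven header fields, unescaping "\|" and "\\".

    Returns (list_of_7_header_values, extension_string).
    """
    if not cef.startswith("CEF:"):
        raise ValueError("not a CEF record")
    body = cef[len("CEF:"):]
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # escaped char: take it literally
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == "|":                              # unescaped pipe ends a field
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]


def parse_extension(ext):
    """Parse "key=value key=value" where values may contain spaces and "\=" escapes."""
    out = {}
    matches = list(EXT_KEY.finditer(ext))
    for n, m in enumerate(matches):
        start = m.end()
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        raw = ext[start:end].strip()
        out[m.group(1)] = re.sub(r'\\([\\=])', r'\1', raw)   # unescape "\=" and "\\"
    return out


def parse_cef(cef):
    """Return the header fields plus a nested 'extension' dict."""
    header, ext = split_header(cef)
    record = dict(zip(HEADER_FIELDS, header))
    record["extension"] = parse_extension(ext)
    return record


def to_lr_tags(record):
    """Map a parsed record onto the tag names listed on this page (assumed mapping)."""
    tags = {"severity": record["severity"],
            "threatname": record["name"],
            "version": record["version"]}
    for key, value in record["extension"].items():
        tag = CEF_TO_LR_TAG.get(key)
        if tag:
            tags[tag] = value
    return tags


# Constructed sample message (not real StealthWatch output); note the escaped "=" in msg.
SAMPLE = ("<13>Jan 01 12:00:00 stealthwatch-smc CEF:0|Lancope|StealthWatch|6.6|"
          "EXAMPLE-SIG|Suspect Data Hoarding|7|"
          "src=10.0.0.25 dst=192.0.2.10 spt=51515 dpt=443 proto=6 "
          "suser=jdoe shost=ws-25 dhost=files.example.net "
          "msg=Flow volume\\=high rt=1704110400000")

if __name__ == "__main__":
    rec = parse_cef(extract_cef(SAMPLE))
    for tag, value in sorted(to_lr_tags(rec).items()):
        print(f"<{tag}> = {value}")
```

The header splitter is a character-level loop rather than a `split("|")` precisely because a pipe inside the alarm name would otherwise shift every following field; the same care applies to `=` inside extension values, which is why the extension regex anchors each key on leading whitespace instead of splitting on `=`.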

Revision History

  KB Version     Log Type   Change Type           Details
  KB 7.1.597.0              *Base Rule modified   Regular Expression modified to match unidentified logs.