Device Details

Device Name: MistNet NDR
Vendor: MistNet
Device Type: MistNet
Supported Model Name/Number: N/A
Supported Software Version(s): 2021.07.1
Collection Method: Syslog
Configurable Log Output: No
Log Source Type: Syslog - MistNet NDR
Log Processing Policy: LogRhythm Default v2.0
Exceptions: N/A
Additional Information: N/A

Supported Log Messages

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All | N/A | <vmid>, <vendorinfo>, <subject>, <threatid>, <status> |
| MN: Case And Incident Messages | N/A | <vmid>, <vendorinfo>, <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <account>, <domainimpacted>, <subject>, <threatname>, <threatid>, <url>, <reason>, <status>, <bytesin>, <bytesout>, <itemsin>, <itemsout>, <duration> |

Configure MistNet NDR for SIEM Integration

To configure MistNet NDR for SIEM integration, do the following:

  1. Log in to MistNet NDR.
  2. From the Dashboard, click Settings, then SIEM, and then Syslog Configuration.
    The Syslog IP Configuration screen appears.

  3. In the Syslog Server IP field, enter the LogRhythm System Monitor Agent server's IP Address.
  4. In the Port field, enter 514.

    MistNet Syslog sends logs via TCP Port 514.

  5. Click Update.

Configure Notifications and Score Threshold

To configure the notification type and score threshold, do the following:

  1. Log in to MistNet NDR.
  2. From the Dashboard, click Settings, then SIEM, and then Syslog Notifications.
    The Notifications screen appears.
  3. Configure the notification type by checking any of the following boxes:
    • Per Incident 
    • Per Policy 
    • Per Case 
    • Per Test
  4. Enter a value in the Score Threshold field to configure the notification score threshold.

    Notification logs are sent for cases and incidents with scores that are greater than or equal to the entered value.

  5. Click Update.

    MistNet NDR parsing performance is expected to be approximately 500 mps.

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.625.0 | Syslog - MistNet NDR | New Log Source Type | New Device: Syslog - MistNet NDR |