Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Event Collection from Third-party Devices
- Event Collection from Third-party Devices
- Adding a DSM
play_arrow Introduction to Log Source Management
- Introduction to Log Source Management
- Adding a Log Source
- Adding a Log Source by using the Log Sources Icon
- Adding Bulk Log Sources
- Adding Bulk Log Source by using the Log Sources Icon
- Editing Bulk Log Sources
- Editing Bulk Log Sources by using the Log Sources icon
- Adding a Log Source Parsing Order
- Testing Log Sources
- Log Source Groups
play_arrow Gateway Log Source
- Gateway Log Source
- Log Source Identifier Pattern
play_arrow Log Source Extensions
- Log Source Extensions
- Patterns in Log Source Extension Documents
- Match Groups
- Extension Document Template
- Creating a Log Source Extensions Document to get data into JSA
- Examples of Parsing Issues
play_arrow Manage Log Source Extensions
- Log Source Extension Management
- Adding a Log Source Extension
play_arrow Threat Use Cases by Log Source Type
- Threat Use Cases by Log Source Type
play_arrow Troubleshooting DSMs
- Troubleshooting DSMs
play_arrow Protocols
- Undocumented protocols
- Protocol Configuration Options
play_arrow Universal Cloud REST API Protocol
- Universal Cloud REST API Protocol
- Workflow
- Workflow Parameter Values
- State
- Actions
- JPath
- Command Line Testing Tool
play_arrow Protocols that Support Certificate Management
- Protocols that support Certificate Management
play_arrow 3Com Switch 8800
- 3Com Switch 8800
- Configuring Your 3COM Switch 8800
play_arrow AhnLab Policy Center
- AhnLab Policy Center
play_arrow Akamai KONA
- Akamai Kona
- Configure an Akamai Kona Log Source by using the HTTP Receiver Protocol
- Configure an Akamai Kona Log Source by using the Akamai Kona REST API Protocol
- Configuring Akamai Kona to Communicate with JSA
- Creating an Event Map for Akamai Kona Events
- Modifying the Event Map for Akamai Kona
- Akamai Kona Sample Event Messages
play_arrow Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs DSM Specifications
- Publishing Flow Logs to an S3 Bucket
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs Sample Event Message
play_arrow Amazon AWS CloudTrail
- Amazon AWS CloudTrail
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon Web Services Protocol
- Amazon AWS CloudTrail Sample Event Message
play_arrow Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service DSM Specifications
- Configuring Amazon Elastic Kubernetes Service to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon Web Services Log Source Parameters for Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service Sample Event Messages
play_arrow Amazon AWS Network Firewall
- Amazon AWS Network Firewall
- Amazon AWS Network Firewall DSM Specifications
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Network Firewall
- AWS Network Firewall Sample Event Messages
play_arrow Amazon AWS Route 53
- Amazon AWS Route 53
- Amazon AWS Route 53 DSM Specifications
- Configuring an Amazon AWS Route 53 Log Source by using the Amazon Web Services Protocol and CloudWatch Logs
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with an SQS Queue
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with a Directory Prefix
- Amazon AWS Route 53 Sample Event Messages
play_arrow Amazon AWS Security Hub
- Amazon AWS Security Hub
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console When Using the Amazon Web Services
- Amazon AWS Security Hub DSM specifications
- Amazon AWS Security Hub Sample Event Message
play_arrow Amazon AWS WAF
- Amazon AWS WAF
- Amazon AWS WAF DSM Specifications
- Configuring Amazon AWS WAF to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS WAF
- Amazon AWS WAF Sample Event Messages
play_arrow Amazon GuardDuty
- Amazon GuardDuty
- Configuring an Amazon GuardDuty Log Source by using the Amazon Web Services Protocol
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console
- Configuring an Amazon GuardDuty Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring Amazon GuardDuty to Forward Events to an AWS S3 Bucket
- Amazon GuardDuty Sample Event Messages
play_arrow Ambiron TrustWave IpAngel
- Ambiron TrustWave IpAngel
play_arrow Amazon VPC Flow Logs
- Amazon VPC Flow Logs
- Amazon VPC Flow Logs Specifications
- Publishing Flow Logs to an S3 Bucket
- Create the SQS Queue that is Used to Receive ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
play_arrow APC UPS
- APC UPS
- Configuring Your APC UPS to Forward Syslog Events
- APC UPS Sample Event Message
play_arrow Apache HTTP Server
- Apache HTTP Server
- Configuring Apache HTTP Server with Syslog
- Syslog Log Source Parameters for Apache HTTP Server
- Configuring Apache HTTP Server with Syslog-ng
- Syslog Log Source Parameters for Apache HTTP Server
- Apache HTTP Server Sample Event Messages
play_arrow Apple Mac OS X
- Apple Mac OS X
- Apple Mac OS X DSM Specifications
- Syslog Log Source Parameters for Apple Mac OS X
- Configuring Syslog on Your Apple Mac OS X
- Sample Event Message
play_arrow Application Security DbProtect
- Application Security DbProtect
- Installing the DbProtect LEEF Relay Module
- Configuring the DbProtect LEEF Relay
- Configuring DbProtect Alerts
play_arrow Arbor Networks
- Arbor Networks
- Arbor Networks Peakflow SP
- Arbor Networks Pravail
play_arrow Arpeggio SIFT-IT
- Arpeggio SIFT-IT
- Configuring a SIFT-IT Agent
- Syslog Log Source Parameters for Arpeggio SIFT-IT
- Additional Information
play_arrow Array Networks SSL VPN
- Array Networks SSL VPN
- Syslog Log Source Parameters for Array Networks SSL VPN
play_arrow Aruba Networks
- Aruba Networks
- Aruba ClearPass Policy Manager
- Aruba Introspect
- Aruba Mobility Controllers
play_arrow Avaya VPN Gateway
- Avaya VPN Gateway
- Avaya VPN Gateway DSM Integration Process
- Configuring Your Avaya VPN Gateway System for Communication with JSA
- Syslog Log Source Parameters for Avaya VPN Gateway
- Avaya VPN Gateway Sample Event Messages
play_arrow BalaBit IT Security
- BalaBit IT Security
- BalaBIt IT Security for Microsoft Windows Events
- BalaBit IT Security for Microsoft ISA or TMG Events
play_arrow Barracuda
- Barracuda
- Barracuda Spam & Virus Firewall
- Barracuda Web Application Firewall
- Barracuda Web Filter
play_arrow BeyondTrust PowerBroker
- BeyondTrust PowerBroker
- Syslog Log Source Parameters for BeyondTrust PowerBroker
- TLS Syslog Log Source Parameters for BeyondTrust PowerBroker
- Configuring BeyondTrust PowerBroker to Communicate with JSA
- BeyondTrust PowerBroker DSM Specifications
- BeyondTrust PowerBroker Sample Event Messages
play_arrow BlueCat Networks Adonis
- BlueCat Networks Adonis
- Supported Event Types
- Event Type Format
- Configuring BlueCat Adonis
- Syslog Log Source Parameters for BlueCat Networks Adonis
play_arrow Blue Coat SG
- Blue Coat
- Blue Coat SG
- Creating a Custom Event Format for Blue Coat SG
- Creating a Log Facility
- Enabling Access Logging
- Configuring Blue Coat SG for FTP Uploads
- Syslog Log Source Parameters for Blue Coat SG
- Log File Log Source Parameters for Blue Coat SG
- Configuring Blue Coat SG for Syslog
- Creating Extra Custom Format Key-value Pairs
- Blue Coat SG Sample Event Messages
play_arrow Blue Coat Web Security Service
- Blue Coat Web Security Service
- Configuring Blue Coat Web Security Service to Communicate with JSA
- Sample Event Message
play_arrow Box
- Box
- Configuring Box to Communicate with JSA
- Box Sample Event Messages
play_arrow Bridgewater
- Bridgewater
- Configuring Syslog for Your Bridgewater Systems Device
- Syslog Log Source Parameters for Bridgewater Systems
play_arrow Broadcom
- Broadcom
- Broadcom CA ACF2
- Broadcom CA Top Secret
- Broadcom Symantec SiteMinder
play_arrow Brocade Fabric OS
- Brocade Fabric OS
- Configuring Syslog for Brocade Fabric OS Appliances
- Brocade Fabric OS Sample Event Messages
play_arrow Carbon Black
- Carbon Black
- Carbon Black Bit9 Parity
- Bit9 Security Platform
play_arrow Centrify
- Centrify
- Centrify Identity Platform
- Centrify Identity Platform DSM specifications
- Configuring Centrify Identity Platform to communicate with JSA
- Centrify Infrastructure Services
- Configuring WinCollect Agent to Collect Event Logs from Centrify Infrastructure Services
- Configuring Centrify Infrastructure Services on a UNIX or Linux Device to Communicate with JSA
play_arrow Check Point
- Check Point
- Integrate Check Point by using Syslog
- Integrate Check Point by using OPSEC
- Integrating Check Point by using TLS Syslog
- Integration of Check Point Firewall Events from External Syslog Forwarders
- Check Point Multi-Domain Management (Provider-1)
play_arrow Cilasoft QJRN/400
- Cilasoft QJRN/400
- Configuring Cilasoft QJRN/400
- Syslog Log Source Parameters for Cilasoft QJRN/400
play_arrow Cisco
- Cisco
- Cisco ACE Firewall
- Configuring Cisco Aironet to Forward Events
- Cisco ACS
- Cisco ASA
- Cisco AMP
- Cisco CallManager
- Cisco CatOS for Catalyst Switches
- Cisco Cloud Web Security
- Cisco CSA
- Cisco Firepower Management Center
- Cisco Firepower Threat Defense
- Cisco FWSM
- Cisco Identity Services Engine
- Cisco IDS/IPS
- Cisco IOS
- Cisco IronPort
- Cisco Meraki
- Cisco NAC
- Cisco Nexus
- Cisco Pix
- Cisco Stealthwatch
- Cisco Umbrella
- Cisco VPN 3000 Concentrator
- Cisco Wireless LAN Controllers
- Cisco Wireless Services Module
play_arrow Citrix
- Citrix
- Citrix Access Gateway
- Citrix NetScaler
play_arrow Cloudera Navigator
- Cloudera Navigator
- Configuring Cloudera Navigator to Communicate with JSA
play_arrow Cloudflare Logs
- Cloudflare Logs
- Cloudflare Logs DSM Specifications
- Configure Cloudflare to send Events to JSA when you use the HTTP Receiver Protocol
- Configuring Cloudflare Logs to Send Events to JSA when you use the Amazon S3 REST API Protocol
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- HTTP Receiver Log Source Parameters for Cloudflare Logs
- Amazon AWS S3 REST API Log Source Parameters for Cloudflare Logs
- Cloudflare Logs Sample Event Messages
play_arrow CloudPassage Halo
- CloudPassage Halo
- Configuring CloudPassage Halo for Communication with JSA
- Syslog Log Source Parameters for CloudPassage Halo
- Log File Log Source Parameters for CloudPassage Halo
play_arrow CloudLock Cloud Security Fabric
- CloudLock Cloud Security Fabric
- Configuring CloudLock Cloud Security Fabric to Communicate with JSA
play_arrow Correlog Agent for IBM Z/OS
- Correlog Agent for IBM Z/OS
- Configuring Your CorreLog Agent System for Communication with JSA
play_arrow CrowdStrike Falcon
- CrowdStrike Falcon
- CrowdStrike Falcon DSM Specifications
- Configuring CrowdStrike Falcon to Communicate with JSA
- Syslog Log Source Parameters for CrowdStrike Falcon
- CrowdStrike Falcon Host Sample Event Message
play_arrow CRYPTOCard CRYPTO-Shield
- CRYPTOCard CRYPTO-Shield
- Configuring Syslog for CRYPTOCard CRYPTO-Shield
- Syslog Log Source Parameters for CRYPTOCard CRYPTO-Shield
play_arrow CyberArk
- CyberArk
- CyberArk Privileged Threat Analytics
- CyberArk Vault
play_arrow CyberGuard Firewall/VPN Appliance
- CyberGuard Firewall/VPN Appliance
- Configuring Syslog Events
- Syslog Log Source Parameters for CyberGuard
play_arrow Damballa Failsafe
- Damballa Failsafe
- Configuring Syslog for Damballa Failsafe
- Syslog Log Source Parameters for Damballa Failsafe
play_arrow DG Technology MEAS
- DG Technology MEAS
- Configuring Your DG Technology MEAS System for Communication with JSA
play_arrow Digital China Networks (DCN)
- Digital China Networks (DCN)
- Configuring a DCN DCS/DCRS Series Switch
- Syslog Log Source Parameters for DCN DCS/DCRS Series Switches
play_arrow Enterprise-IT-Security.com SF-Sherlock
- Enterprise-IT-Security.com SF-Sherlock
- Configuring Enterprise-IT-Security.com SF-Sherlock to Communicate with JSA
play_arrow Epic SIEM
- Epic SIEM
- Configuring Epic SIEM 2014 to Communicate with JSA
- Configuring Epic SIEM 2015 to Communicate with JSA
- Configuring Epic SIEM 2017 to Communicate with JSA
play_arrow ESET Remote Administrator
- ESET Remote Administrator
- Configuring ESET Remote Administrator to Communicate with JSA
play_arrow Exabeam
- Exabeam
- Configuring Exabeam to Communicate with JSA
- Exabeam Sample Event Message
play_arrow Extreme
- Extreme
- Extreme 800-Series Switch
- Extreme Dragon
- Extreme HiGuard Wireless IPS
- Extreme HiPath Wireless Controller
- Extreme Matrix Router
- Extreme Matrix K/N/S Series Switch
- Extreme NetSight Automatic Security Manager
- Extreme NAC
- Configuring Extreme Stackable and Stand-alone Switches
- Extreme Networks ExtremeWare
- Extreme XSR Security Router
play_arrow F5 Networks
- F5 Networks
- F5 Networks BIG-IP AFM
- F5 Networks BIG-IP APM
- F5 Networks BIG-IP ASM
- F5 Networks BIG-IP LTM
- F5 Networks FirePass
play_arrow Fair Warning
- Fair Warning
- Log File Log Source Parameters for Fair Warning
- Fair Warning Sample Event Messages
play_arrow Fasoo Enterprise DRM
- Fasoo Enterprise DRM
- Configuring Fasoo Enterprise DRM to Communicate with JSA
play_arrow Fidelis XPS
- Fidelis XPS
- Configuring Fidelis XPS
- Syslog Log Source Parameters for Fidelis XPS
- Fidelis XPS Sample Event Messages
play_arrow FireEye
- FireEye
- Configuring Your FireEye System for Communication with JSA
- Configuring Your FireEye HX System for Communication with JSA
- Configuring a FireEye Log Source in JSA
- FireEye Sample Event Message
play_arrow Forcepoint
- Forcepoint
- Forcepoint Stonesoft Management Center
- Forcepoint Sidewinder
- Forcepoint TRITON
- Forcepoint V-Series Data Security Suite
- Forcepoint V-Series Content Gateway
play_arrow ForeScout CounterACT
- ForeScout CounterACT
- Syslog Log Source Parameters for ForeScout CounterACT
- Configuring the ForeScout CounterACT Plug-in
- Configuring ForeScout CounterACT Policies
- ForeScout CounterACT Sample Event Messages
play_arrow Fortinet FortiGate
- Fortinet FortiGate Security Gateway
- Configuring a Syslog Destination on Your Fortinet FortiGate Security Gateway Device
- Configuring a Syslog Destination on Your Fortinet FortiAnalyzer Device
- Fortinet FortiGate Security Gateway Sample Event Messages
- Configuring JSA to Categorize App Ctrl Events for Fortinet Fortigate Security Gateway
play_arrow Foundry FastIron
- Foundry FastIron
- Configuring Syslog for Foundry FastIron
- Syslog Log Source Parameters for Foundry FastIron
play_arrow FreeRADIUS
- FreeRADIUS
- Configuring Your FreeRADIUS Device to Communicate with JSA
play_arrow Generic
- Generic
- Generic authorization Server
- Generic firewall
play_arrow Google Cloud Audit Logs
- Google Cloud Audit Logs
- Google Cloud Audit Logs DSM Specifications
- Configuring Google Cloud Audit Logs to Communicate with JSA
- Google Cloud Pub/Sub Protocol Log Source parameters for Google Cloud Audit Logs
- Google Cloud Audit Logs Sample Event Messages
play_arrow Genua Genugate
- Genua Genugate
- Configuring Genua Genugate to Send Events to JSA
- Genua Genugate Sample Event Messages
play_arrow Google Cloud Platform Firewall
- Google Cloud Platform Firewall
- Google Cloud Platform Firewall DSM Specifications
- Configuring Google Cloud Platform Firewall to Communicate with JSA
- Google Cloud Pub/Sub Log Source Parameters for Google Cloud Platform Firewall
- Sample Event Message
play_arrow Google G Suite Activity Reports
- Google G Suite Activity Reports
- Google G Suite Activity Reports DSM Specifications
- Configuring Google G Suite Activity Reports to Communicate with JSA
- Assigning a Role to a User
- Creating a Service Account with Viewer Access
- Granting API Client Access to a Service Account
- Google G Suite Activity Reports Log Source Parameters
- Google G Suite Activity Reports Sample Event Messages
- Troubleshooting Google G Suite Activity Reports
play_arrow Great Bay Beacon
- Great Bay Beacon
- Configuring Syslog for Great Bay Beacon
- Syslog Log Source Parameters for Great Bay Beacon
play_arrow H3C Technologies
- H3C Technologies
- H3C Comware Platform
play_arrow HBGary Active Defense
- HBGary Active Defense
- Configuring HBGary Active Defense
- Syslog Log Source Parameters for HBGary Active Defense
play_arrow HCL BigFix (formerly known as IBM BigFix)
- HCL BigFix (formerly known as IBM BigFix)
play_arrow Honeycomb Lexicon File Integrity Monitor (FIM)
- Honeycomb Lexicon File Integrity Monitor (FIM)
- Supported Honeycomb FIM Event Types Logged by JSA
- Configuring the Lexicon Mesh Service
- Syslog Log Source Parameters for Honeycomb Lexicon File Integrity Monitor
play_arrow Hewlett Packard Enterprise
- Hewlett Packard Enterprise
- HPE Network Automation
- Configuring HPE Network Automation Software to Communicate with JSA
- HPE ProCurve
- HPE Tandem
- Hewlett Packard Enterprise UniX (HPE-UX)
play_arrow Huawei
- Huawei
- Huawei AR Series Router
- Huawei S Series Switch
play_arrow HyTrust CloudControl
- HyTrust CloudControl
- Configuring HyTrust CloudControl to Communicate with JSA
play_arrow IBM
- IBM
- IBM AIX DSMs
- IBMi
- IBM DB2
- IBM BigFix Detect
- IBM Cloud Platform (formerly known as IBM Bluemix Platform)
- IBM CICS
- IBM DataPower
- IBM DLC Metrics
- IBM Federated Directory Server
- IBM MaaS360 Security
- IBM Guardium
- IBM IMS
- IBM Informix Audit
- IBM Lotus Domino
- IBM Privileged Session Recorder
- IBM Proventia
- IBM RACF
- IBM SAN Volume Controller
- IBM Security Directory Server
- IBM Security Identity Governance
- IBM Security Network IPS (GX)
- IBM Network Security (XGS)
- IBM Security Trusteer
- IBM Security Trusteer Apex Advanced Malware Protection
- IBM Security Trusteer Apex Local Event Aggregator
- IBM Sense
- IBM SmartCloud Orchestrator
- IBM Tivoli Access Manager for E-business
- IBM Web Sphere Application Server
- IBM WebSphere DataPower
- IBM Z/OS
- IBM zSecure Alert
play_arrow ISC BIND
- ISC BIND
- ISC BIND DSM Specifications
- Syslog Log Source Parameters for ISC BIND
- ISC BIND Sample Event Message
play_arrow Illumio Adaptive Security Platform
- Illumio Adaptive Security Platform
- Configuring Illumio Adaptive Security Platform to Communicate with JSA
play_arrow Imperva Incapsula
- Imperva Incapsula
play_arrow Imperva SecureSphere
- Imperva SecureSphere
- Configuring an Alert Action for Imperva SecureSphere
- Configuring a System Event Action for Imperva SecureSphere
- Configuring Imperva SecureSphere V11.0 to V13 to Send Database Audit Records to JSA
play_arrow Infoblox NIOS
- Infoblox NIOS
- Infoblox NIOS DSM Specifications
- Infoblox NIOS Sample Event Message
play_arrow IT-CUBE AgileSI
- IT-CUBE AgileSI
- Configuring AgileSI to Forward Events
- SMB Tail Log Source Parameters for iT-CUBE AgileSI
play_arrow Itron Smart Meter
- Itron Smart Meter
play_arrow Juniper Networks
- Juniper Networks
- Juniper Networks AVT
- Juniper Networks DDoS Secure
- Juniper Networks DX Application Acceleration Platform
- Juniper Networks EX Series Ethernet Switch
- Juniper Networks IDP
- Juniper Networks Infranet Controller
- Juniper Networks Firewall and VPN
- Juniper Networks Junos OS
- Juniper Networks Network and Security Manager
- Juniper Networks Secure Access
- Juniper Networks Security Binary Log Collector
- Juniper Networks Steel-Belted Radius
- Juniper Networks VGW Virtual Gateway
- Juniper Networks Junos OS WebApp Secure
- Juniper Networks WLC Series Wireless LAN Controller
play_arrow Kaspersky
- Kaspersky
- Kaspersky CyberTrace
- Kaspersky Security Center
play_arrow Kisco Information Systems SafeNet/i
- Kisco Information Systems SafeNet/i
- Configuring Kisco Information Systems SafeNet/i to Communicate with JSA
play_arrow Kubernetes Auditing
- Kubernetes Auditing
- Kubernetes Auditing DSM Specifications
- Configuring Kubernetes Auditing to Communicate with JSA
- Kubernetes Auditing Log Source Parameters
- Kubernetes Auditing Sample Event Message
play_arrow Lastline Enterprise
- Lastline Enterprise
- Configuring Lastline Enterprise to Communicate with JSA
play_arrow Lieberman Random Password Manager
- Lieberman Random Password Manager
play_arrow LightCyber Magna
- LightCyber Magna
- Configuring LightCyber Magna to Communicate with JSA
play_arrow Linux
- Linux
- Linux DHCP Server
- Linux IPtables
- Linux OS
play_arrow LOGbinder
- LOGbinder
- LOGbinder EX Event Collection from Microsoft Exchange Server
- LOGbinder SP Event Collection from Microsoft SharePoint
- LOGbinder SQL Event Collection from Microsoft SQL Server
play_arrow McAfee
- McAfee
- JDBC Log Source Parameters for McAfee Application/ Change Control
- McAfee EPolicy Orchestrator
- McAfee MVISION Cloud (formerly known as Skyhigh Networks Cloud Security Platform)
- McAfee Network Security Platform (formerly known as McAfee Intrushield)
- McAfee Web Gateway
play_arrow MetaInfo MetaIP
- Syslog Log Source Parameters for MetaInfo MetaIP
play_arrow Microsoft
- Microsoft
- Microsoft 365 Defender
- Microsoft Azure Active Directory
- Microsoft Azure Platform
- Microsoft Azure Security Center
- Microsoft DHCP Server
- Microsoft DNS Debug
- Microsoft Endpoint Protection
- Microsoft Exchange Server
- Microsoft Hyper-V
- Microsoft IAS Server
- Microsoft IIS Server
- Microsoft ISA
- Microsoft Office 365
- Microsoft Office 365 Message Trace
- JDBC Log Source Parameters for Microsoft Operations Manager
- Microsoft SharePoint
- Microsoft SQL Server
- JDBC Log Source Parameters for Microsoft System Center Operations Manager
- Microsoft Windows Security Event Log
play_arrow Motorola Symbol AP
- Motorola Symbol AP
- Syslog Log Source Parameters for Motorola SymbolAP
- Configure Syslog Events for Motorola Symbol AP
play_arrow Name Value Pair
- Name Value Pair
play_arrow NCC Group DDoS Secure
- NCC Group DDoS Secure
- Configuring NCC Group DDoS Secure to Communicate with JSA
play_arrow NetApp Data ONTAP
- NetApp Data ONTAP
play_arrow Netgate pfSense
- Netgate pfSense
- Netgate pfSense DSM Specifications
- Configuring Netgate pfSense to Communicate with JSA
- Syslog Log Source Parameters for Netgate pfSense
- Sample Event Message
play_arrow Netskope Active
- Netskope Active
- Netskope Active REST API Log Source Parameters for Netskope Active
- Netskope Active Sample Event Message
play_arrow NGINX HTTP Server
- NGINX HTTP Server
- NGINX HTTP Server DSM Specifications
- NGINX HTTP Server Sample Event Message
play_arrow Niksun
- Niksun
play_arrow Nokia Firewall
- Nokia Firewall
- Integration with a Nokia Firewall by Using Syslog
- Integration with a Nokia Firewall by Using OPSEC
play_arrow Nominum Vantio
- Nominum Vantio
play_arrow Nortel Networks
- Nortel Networks
- Nortel Multiprotocol Router
- Nortel Application Switch
- Nortel Contivity
- Nortel Ethernet Routing Switch 2500/4500/5500
- Nortel Ethernet Routing Switch 8300/8600
- Nortel Secure Router
- Nortel Secure Network Access Switch
- Nortel Switched Firewall 5100
- Nortel Switched Firewall 6000
- Nortel Threat Protection System (TPS)
- Nortel VPN Gateway
play_arrow Novell EDirectory
- Novell EDirectory
- Configuring XDASv2 to Forward Events
- Loading the XDASv2 Module
- Loading the XDASv2 on a Linux Operating System
- Loading the XDASv2 on a Windows Operating System
- Configuring Event Auditing Using Novell IManager
- Configuring a Log Source
- Novell eDirectory Sample Event Message
play_arrow Observe IT JDBC
- Observe IT JDBC
play_arrow Okta
- Okta
play_arrow Onapsis Security Platform
- Onapsis Security Platform
- Configuring Onapsis Security Platform to Communicate with JSA
play_arrow OpenBSD
- OpenBSD
- Syslog Log Source Parameters for OpenBSD
- Configuring Syslog for OpenBSD
play_arrow Open LDAP
- Open LDAP
- UDP Multiline Syslog Log Source Parameters for Open LDAP
- Configuring IPtables for Multiline UDP Syslog Events
- Configuring Event Forwarding for Open LDAP
play_arrow Open Source SNORT
- Open Source SNORT
- Configuring Open Source SNORT
- Syslog Log Source Parameters for Open Source SNORT
play_arrow OpenStack
- OpenStack
- Configuring OpenStack to Communicate with JSA
play_arrow Oracle
- Oracle
- Oracle Acme Packet Session Border Controller
- Oracle Audit Vault
- Oracle BEA WebLogic
- Oracle RDBMS Audit Record
- Oracle DB Listener
- Oracle Directory Server overview
- Oracle Enterprise Manager
- Oracle Fine Grained Auditing
- Oracle RDBMS OS Audit Record
- osquery
play_arrow OSSEC
- OSSEC
- Configuring OSSEC
- Syslog Log Source Parameters for OSSEC
play_arrow Palo Alto Networks
- Palo Alto Networks
- Palo Alto Endpoint Security Manager
- Palo Alto Networks PA Series
play_arrow Pirean Access: One
- Pirean Access: One
- JDBC log source parameters for Pirean Access: One
play_arrow PostFix Mail Transfer Agent
- PostFix Mail Transfer Agent
- Configuring Syslog for PostFix Mail Transfer Agent
- UDP Multiline Syslog Log Source Parameters for PostFix MTA
- Configuring IPtables for Multiline UDP Syslog Events
- PostFix Mail Transfer Agent Sample Event Messages
play_arrow ProFTPd
- ProFTPd
- Configuring ProFTPd
- Syslog Log Source Parameters for ProFTPd
play_arrow Proofpoint Enterprise Protection and Enterprise Privacy
- Proofpoint Enterprise Protection and Enterprise Privacy
- Configuring Proofpoint Enterprise Protection and Enterprise Privacy DSM to Communicate with JSA
- Syslog Log Source Parameters for Proofpoint Enterprise Protection and Enterprise Privacy
play_arrow Pulse Secure
- Pulse Secure
play_arrow Pulse Secure Infranet Controller
- Pulse Secure Infranet Controller
play_arrow Pulse Secure Pulse Connect Secure
- Pulse Secure Pulse Connect Secure
- Configuring a Pulse Secure Pulse Connect Secure Device to Send WebTrends Enhanced Log File (WELF) Events to JSA
- Configuring a Pulse Secure Pulse Connect Secure Device to Send Syslog Events to JSA
- Pulse Secure Pulse Connect Secure Sample Event Message
play_arrow Radware
- Radware
- Radware AppWall
- Radware DefensePro
play_arrow Raz-Lee ISecurity
- Raz-Lee ISecurity
- Configuring Raz-Lee ISecurity to Communicate with JSA
- Syslog Log Source Parameters for Raz-Lee iSecurity
play_arrow Redback ASE
- Redback ASE
- Configuring Redback ASE
- Syslog Log Source Parameters for Redback ASE
play_arrow Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes DSM Specifications
- Configuring Red Hat Advanced Cluster Security for Kubernetes to Communicate with JSA
- HTTP Receiver Log Source Parameters for Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes Sample Event Messages
play_arrow Resolution1 CyberSecurity
- Resolution1 CyberSecurity
- Configuring Your Resolution1 CyberSecurity Device to Communicate with JSA
- Log File Log Source Parameters for Resolution1 CyberSecurity
play_arrow Riverbed
- Riverbed
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Audit
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Alert
play_arrow RSA Authentication Manager
- RSA Authentication Manager
- Configuration Of Syslog for RSA Authentication Manager 6.x, 7.x and 8.x
- Configuring Linux
- Configuring Windows
- Configuring the Log File Protocol for RSA Authentication Manager 6.x and 7.x
- Configuring RSA Authentication Manager 6.x
- Configuring RSA Authentication Manager 7.x
play_arrow SafeNet DataSecure
- SafeNet DataSecure
- Configuring SafeNet DataSecure to communicate with JSA
play_arrow Salesforce
- Salesforce
- Salesforce Security
- Salesforce Security Auditing
play_arrow Samhain Labs
- Samhain Labs
- Configuring Syslog to Collect Samhain Events
- JDBC Log Source Parameters for Samhain
play_arrow SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection DSM Specifications
- SAP Enterprise Threat Detection Alert API Log Source Parameters for SAP Enterprise Threat Detection
- Creating a Pattern Filter on the SAP Server
- Troubleshooting the SAP Enterprise Threat Detection Alert API
- SAP Enterprise Threat Detection Sample Event Message
play_arrow Seculert
- Seculert
- Obtaining an API Key
play_arrow Sentrigo Hedgehog
- Sentrigo Hedgehog
play_arrow SolarWinds Orion
- SolarWinds Orion
- Configuring SolarWinds Orion to Communicate with JSA
- SNMP Log Source Parameters for SolarWinds Orion
- Installing the Java Cryptography Extension on JSA
- Solar Winds Orion Sample Event Message
play_arrow SonicWALL
- SonicWALL
- Configuring SonicWALL to Forward Syslog Events
- Syslog Log Source Parameters for SonicWALL
- SonicWALL Sample Event Messages
play_arrow Sophos
- Sophos
- Sophos Enterprise Console
- Sophos PureMessage
- Sophos Astaro Security Gateway
- Sophos Web Security Appliance
play_arrow Sourcefire Intrusion Sensor
- Sourcefire Intrusion Sensor
- Configuring Sourcefire Intrusion Sensor
- Syslog Log Source Parameters for Sourcefire Intrusion Sensor
play_arrow Splunk
- Splunk
- Collecting Windows Events that are Forwarded from Splunk
- TCP Multiline Syslog Log Source Parameters for Splunk
play_arrow Squid Web Proxy
- Squid Web Proxy
- Configuring Syslog Forwarding
- Syslog Log Source Parameters for Squid Web Proxy
- Squid Web Proxy Sample Event Messages
play_arrow SSH CryptoAuditor
- SSH CryptoAuditor
- Configuring an SSH CryptoAuditor Appliance to Communicate with JSA
play_arrow Starent Networks
- Configuring Starent Networks Device to Forward Syslog Events to JSA
play_arrow STEALTHbits
- STEALTHbits
- STEALTHbits StealthINTERCEPT
- STEALTHbits StealthINTERCEPT Alerts
- STEALTHbits StealthINTERCEPT Analytics
play_arrow Sun
- Sun
- Sun ONE LDAP
- Sun Solaris Basic Security Mode (BSM)
- Sun Solaris DHCP
- Sun Solaris OS
- Sun Solaris Sendmail
play_arrow Suricata
- Suricata
- Suricata DSM Specifications
- Configuring Suricata to Communicate with JSA
- Syslog Log Source Parameters for Suricata
- TLS Syslog Log Source Parameters for Suricata
- Suricata Sample Event Message
play_arrow Sybase ASE
- Sybase ASE
- JDBC Log Source Parameters for Sybase ASE
play_arrow Symantec
- Symantec
- Symantec Critical System Protection
- Symantec Data Loss Prevention (DLP)
- Symantec Endpoint Protection
- Symantec Encryption Management Server
- Symantec SGS
- Symantec System Center
play_arrow SysFlow
- SysFlow
- SysFlow DSM Specifications
- Configuring SysFlow agent to communicate with JSA
- Syslog Log Source Parameters for SysFlow
- SysFlow Sample Event Message
play_arrow ThreatGRID Malware Threat Intelligence Platform
- ThreatGRID Malware Threat Intelligence Platform
- Supported Event Collection Protocols for ThreatGRID Malware Threat Intelligence
- ThreatGRID Malware Threat Intelligence Configuration Overview
play_arrow TippingPoint
- TippingPoint
- TippingPoint Intrusion Prevention System
- TippingPoint X505/X506 Device
play_arrow Top Layer IPS
- Top Layer IPS
play_arrow Townsend Security LogAgent
- Townsend Security LogAgent
- Configuring Raz-Lee ISecurity
- Syslog Log Source Parameters for Raz-Lee i Security
play_arrow Trend Micro
- Trend Micro
- Trend Micro Apex Central
- Trend Micro Apex One
- Trend Micro Control Manager
- Trend Micro Deep Discovery Analyzer
- Trend Micro Deep Discovery Director
- Trend Micro Deep Discovery Email Inspector
- Trend Micro Deep Discovery Inspector
- Trend Micro Deep Security
play_arrow Tripwire
- Tripwire
play_arrow Tropos Control
- Tropos Control
play_arrow Universal CEF
- Universal CEF
play_arrow Universal LEEF
- Universal LEEF
play_arrow Vectra Networks Vectra
- Vectra Networks Vectra
- Configuring Vectra Networks Vectra to Communicate with JSA
- Vectra Networks Vectra Sample Event Messages
play_arrow Venustech Venusense
- Venustech Venusense
- Venusense Configuration Overview
- Configuring a Venusense Syslog Server
- Configuring Venusense Event Filtering
- Syslog Log Source Parameters for Venustech Venusense
play_arrow Verdasys Digital Guardian
- Verdasys Digital Guardian
- Configuring IPtables
- Configuring a Data Export
- Syslog Log Source Parameters for Verdasys Digital Guardian
play_arrow Vericept Content 360 DSM
- Vericept Content 360 DSM
play_arrow VMware
- VMware
- VMware AppDefense
- VMware Carbon Black App Control (formerly known as Carbon Black Protection)
- VMware ESX and ESXi
- VMware VCenter
- VMware VCloud Director
- VMware VShield
play_arrow Vormetric Data Security
- Vormetric Data Security
- Vormetric Data Security DSM Integration Process
- Configuring Your Vormetric Data Security Systems for Communication with JSA
- Configuring Vormetric Data Firewall FS Agents to Bypass Vormetric Data Security Manager
- Syslog Log Source Parameters for Vormetric Data Security
play_arrow WatchGuard Fireware OS
- WatchGuard Fireware OS
- Configuring Your WatchGuard Fireware OS Appliance in Policy Manager for Communication with JSA
- Configuring Your WatchGuard Fireware OS Appliance in Fireware XTM for Communication with JSA
- Syslog Log Source Parameters for WatchGuard Fireware OS
play_arrow Websense
- Websense
play_arrow Zscaler Nanolog Streaming Service
- Zscaler Nanolog Streaming Service
- Zscaler NSS DSM Specifications
- Syslog Log Source Parameters for Zscaler NSS
- Zscaler NSS Sample Event Message
play_arrow Zscaler Private Access
- Zscaler Private Access
- Zscaler Private Access DSM Specifications
- Configuring Zscaler Private Access to Send Events to JSA
- Syslog Log Source Parameters for Zscaler Private Access
- Zscaler Private Access Sample Event Messages
play_arrow JSA Supported DSMs
- JSA Supported DSMs

list Table of Contents

English

keyboard_arrow_right

ForeScout CounterACT Sample Event Messages

date_range 27-Mar-21

arrow_backward

arrow_forward

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

ForeScout CounterACT Sample Messages When You Use the Syslog Protocol

Sample 1: The following sample event message shows that an authentication certificate issuer is detected.

content_copy zoom_out_map
LEEF:1.0|ForeScout|CounterACT|8.0.1-99|agent_auth_issuer|cat=Property sev=1
src=10.84.144.14 usrName=testUser srcMAC=00:00:5E:00:53:00 domain=testDomain
identHostName=testHostName Folder_Name=Authentication Property_Name=Authentication
Certificate Issuer devTime=Mar 7 2019 07:50:32.000 EST devTimeFormat=MMM dd yyyy
HH:mm:ss.SSS z Property_Value=\DC=BLAH\DC=testDomain\CN=testDomain2-CA

Table 1: Highlighted Values in the Forescout CounterACT Sample Event
JSA field name	Highlighted values in the event payload
Event ID	agent_auth_issuer
Category	Property
Source IP	10.84.144.14
Username	testUser
Device Time	Mar 7 2019 07:50:32.000 EST

Sample 2: The following sample event message shows when the last credentials succeeded on this host.

content_copy zoom_out_map
LEEF:1.0|ForeScout|CounterACT|8.0.1-99|cached_credentials|cat=Property sev=1
src=192.168.74.25 usrName=qradar1 srcMAC=00:00:5E:00:53:C8 domain=testDomain
identHostName=D-q1labs1 Folder_Name= Property_Name=Last credentials to succeed on this
host devTime=Mar 26 2019 15:56:14.000 PDT devTimeFormat=MMM dd yyyy HH:mm:ss.SSS z
Property_Value=admin1@example.test2001:db8:4D1C:A2FA:3EC9:C66D:8522:B7A4

Table 2: Highlighted Values in the Forescout CounterACT Sample Event
JSA field name	Highlighted values in the event payload
Event ID	cached_credentials
Category	Property
Source IP	192.168.74.25
Username	qradar1
Device Time	Mar 26 2019 15:56:14.000 PDT

arrow_backward PREVIOUS Configuring ForeScout CounterACT Policies

NEXT arrow_forward Fortinet FortiGate Security Gateway

footer-navigation