Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Event Collection from Third-party Devices
- Event Collection from Third-party Devices
- Adding a DSM
play_arrow Introduction to Log Source Management
- Introduction to Log Source Management
- Adding a Log Source
- Adding a Log Source by using the Log Sources Icon
- Adding Bulk Log Sources
- Adding Bulk Log Source by using the Log Sources Icon
- Editing Bulk Log Sources
- Editing Bulk Log Sources by using the Log Sources icon
- Adding a Log Source Parsing Order
- Testing Log Sources
- Log Source Groups
play_arrow Gateway Log Source
- Gateway Log Source
- Log Source Identifier Pattern
play_arrow Log Source Extensions
- Log Source Extensions
- Patterns in Log Source Extension Documents
- Match Groups
- Extension Document Template
- Creating a Log Source Extensions Document to get data into JSA
- Examples of Parsing Issues
play_arrow Manage Log Source Extensions
- Log Source Extension Management
- Adding a Log Source Extension
play_arrow Threat Use Cases by Log Source Type
- Threat Use Cases by Log Source Type
play_arrow Troubleshooting DSMs
- Troubleshooting DSMs
play_arrow Protocols
- Undocumented protocols
- Protocol Configuration Options
play_arrow Universal Cloud REST API Protocol
- Universal Cloud REST API Protocol
- Workflow
- Workflow Parameter Values
- State
- Actions
- JPath
- Command Line Testing Tool
play_arrow Protocols that Support Certificate Management
- Protocols that support Certificate Management
play_arrow 3Com Switch 8800
- 3Com Switch 8800
- Configuring Your 3COM Switch 8800
play_arrow AhnLab Policy Center
- AhnLab Policy Center
play_arrow Akamai KONA
- Akamai Kona
- Configure an Akamai Kona Log Source by using the HTTP Receiver Protocol
- Configure an Akamai Kona Log Source by using the Akamai Kona REST API Protocol
- Configuring Akamai Kona to Communicate with JSA
- Creating an Event Map for Akamai Kona Events
- Modifying the Event Map for Akamai Kona
- Akamai Kona Sample Event Messages
play_arrow Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs DSM Specifications
- Publishing Flow Logs to an S3 Bucket
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Application Load Balancer Access Logs
- Amazon AWS Application Load Balancer Access Logs Sample Event Message
play_arrow Amazon AWS CloudTrail
- Amazon AWS CloudTrail
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring an Amazon AWS CloudTrail Log Source by using the Amazon Web Services Protocol
- Amazon AWS CloudTrail Sample Event Message
play_arrow Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service DSM Specifications
- Configuring Amazon Elastic Kubernetes Service to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon Web Services Log Source Parameters for Amazon AWS Elastic Kubernetes Service
- Amazon AWS Elastic Kubernetes Service Sample Event Messages
play_arrow Amazon AWS Network Firewall
- Amazon AWS Network Firewall
- Amazon AWS Network Firewall DSM Specifications
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS Network Firewall
- AWS Network Firewall Sample Event Messages
play_arrow Amazon AWS Route 53
- Amazon AWS Route 53
- Amazon AWS Route 53 DSM Specifications
- Configuring an Amazon AWS Route 53 Log Source by using the Amazon Web Services Protocol and CloudWatch Logs
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with an SQS Queue
- Configuring an Amazon AWS Route 53 Log Source by using an S3 Bucket with a Directory Prefix
- Amazon AWS Route 53 Sample Event Messages
play_arrow Amazon AWS Security Hub
- Amazon AWS Security Hub
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console When Using the Amazon Web Services
- Amazon AWS Security Hub DSM specifications
- Amazon AWS Security Hub Sample Event Message
play_arrow Amazon AWS WAF
- Amazon AWS WAF
- Amazon AWS WAF DSM Specifications
- Configuring Amazon AWS WAF to Communicate with JSA
- Configuring Security Credentials for your AWS User Account
- Amazon AWS S3 REST API Log Source Parameters for Amazon AWS WAF
- Amazon AWS WAF Sample Event Messages
play_arrow Amazon GuardDuty
- Amazon GuardDuty
- Configuring an Amazon GuardDuty Log Source by using the Amazon Web Services Protocol
- Creating an EventBridge Rule for Sending Events
- Creating an Identity and Access (IAM) User in the AWS Management Console
- Configuring an Amazon GuardDuty Log Source by using the Amazon AWS S3 REST API Protocol
- Configuring Amazon GuardDuty to Forward Events to an AWS S3 Bucket
- Amazon GuardDuty Sample Event Messages
play_arrow Ambiron TrustWave IpAngel
- Ambiron TrustWave IpAngel
play_arrow Amazon VPC Flow Logs
- Amazon VPC Flow Logs
- Amazon VPC Flow Logs Specifications
- Publishing Flow Logs to an S3 Bucket
- Create the SQS Queue that is Used to Receive ObjectCreated Notifications
- Configuring Security Credentials for your AWS User Account
play_arrow APC UPS
- APC UPS
- Configuring Your APC UPS to Forward Syslog Events
- APC UPS Sample Event Message
play_arrow Apache HTTP Server
- Apache HTTP Server
- Configuring Apache HTTP Server with Syslog
- Syslog Log Source Parameters for Apache HTTP Server
- Configuring Apache HTTP Server with Syslog-ng
- Syslog Log Source Parameters for Apache HTTP Server
- Apache HTTP Server Sample Event Messages
play_arrow Apple Mac OS X
- Apple Mac OS X
- Apple Mac OS X DSM Specifications
- Syslog Log Source Parameters for Apple Mac OS X
- Configuring Syslog on Your Apple Mac OS X
- Sample Event Message
play_arrow Application Security DbProtect
- Application Security DbProtect
- Installing the DbProtect LEEF Relay Module
- Configuring the DbProtect LEEF Relay
- Configuring DbProtect Alerts
play_arrow Arbor Networks
- Arbor Networks
- Arbor Networks Peakflow SP
- Arbor Networks Pravail
play_arrow Arpeggio SIFT-IT
- Arpeggio SIFT-IT
- Configuring a SIFT-IT Agent
- Syslog Log Source Parameters for Arpeggio SIFT-IT
- Additional Information
play_arrow Array Networks SSL VPN
- Array Networks SSL VPN
- Syslog Log Source Parameters for Array Networks SSL VPN
play_arrow Aruba Networks
- Aruba Networks
- Aruba ClearPass Policy Manager
- Aruba Introspect
- Aruba Mobility Controllers
play_arrow Avaya VPN Gateway
- Avaya VPN Gateway
- Avaya VPN Gateway DSM Integration Process
- Configuring Your Avaya VPN Gateway System for Communication with JSA
- Syslog Log Source Parameters for Avaya VPN Gateway
- Avaya VPN Gateway Sample Event Messages
play_arrow BalaBit IT Security
- BalaBit IT Security
- BalaBIt IT Security for Microsoft Windows Events
- BalaBit IT Security for Microsoft ISA or TMG Events
play_arrow Barracuda
- Barracuda
- Barracuda Spam & Virus Firewall
- Barracuda Web Application Firewall
- Barracuda Web Filter
play_arrow BeyondTrust PowerBroker
- BeyondTrust PowerBroker
- Syslog Log Source Parameters for BeyondTrust PowerBroker
- TLS Syslog Log Source Parameters for BeyondTrust PowerBroker
- Configuring BeyondTrust PowerBroker to Communicate with JSA
- BeyondTrust PowerBroker DSM Specifications
- BeyondTrust PowerBroker Sample Event Messages
play_arrow BlueCat Networks Adonis
- BlueCat Networks Adonis
- Supported Event Types
- Event Type Format
- Configuring BlueCat Adonis
- Syslog Log Source Parameters for BlueCat Networks Adonis
play_arrow Blue Coat SG
- Blue Coat
- Blue Coat SG
- Creating a Custom Event Format for Blue Coat SG
- Creating a Log Facility
- Enabling Access Logging
- Configuring Blue Coat SG for FTP Uploads
- Syslog Log Source Parameters for Blue Coat SG
- Log File Log Source Parameters for Blue Coat SG
- Configuring Blue Coat SG for Syslog
- Creating Extra Custom Format Key-value Pairs
- Blue Coat SG Sample Event Messages
play_arrow Blue Coat Web Security Service
- Blue Coat Web Security Service
- Configuring Blue Coat Web Security Service to Communicate with JSA
- Sample Event Message
play_arrow Box
- Box
- Configuring Box to Communicate with JSA
- Box Sample Event Messages
play_arrow Bridgewater
- Bridgewater
- Configuring Syslog for Your Bridgewater Systems Device
- Syslog Log Source Parameters for Bridgewater Systems
play_arrow Broadcom
- Broadcom
- Broadcom CA ACF2
- Broadcom CA Top Secret
- Broadcom Symantec SiteMinder
play_arrow Brocade Fabric OS
- Brocade Fabric OS
- Configuring Syslog for Brocade Fabric OS Appliances
- Brocade Fabric OS Sample Event Messages
play_arrow Carbon Black
- Carbon Black
- Carbon Black Bit9 Parity
- Bit9 Security Platform
play_arrow Centrify
- Centrify
- Centrify Identity Platform
- Centrify Identity Platform DSM specifications
- Configuring Centrify Identity Platform to communicate with JSA
- Centrify Infrastructure Services
- Configuring WinCollect Agent to Collect Event Logs from Centrify Infrastructure Services
- Configuring Centrify Infrastructure Services on a UNIX or Linux Device to Communicate with JSA
play_arrow Check Point
- Check Point
- Integrate Check Point by using Syslog
- Integrate Check Point by using OPSEC
- Integrating Check Point by using TLS Syslog
- Integration of Check Point Firewall Events from External Syslog Forwarders
- Check Point Multi-Domain Management (Provider-1)
play_arrow Cilasoft QJRN/400
- Cilasoft QJRN/400
- Configuring Cilasoft QJRN/400
- Syslog Log Source Parameters for Cilasoft QJRN/400
play_arrow Cisco
- Cisco
- Cisco ACE Firewall
- Configuring Cisco Aironet to Forward Events
- Cisco ACS
- Cisco ASA
- Cisco AMP
- Cisco CallManager
- Cisco CatOS for Catalyst Switches
- Cisco Cloud Web Security
- Cisco CSA
- Cisco Firepower Management Center
- Cisco Firepower Threat Defense
- Cisco FWSM
- Cisco Identity Services Engine
- Cisco IDS/IPS
- Cisco IOS
- Cisco IronPort
- Cisco Meraki
- Cisco NAC
- Cisco Nexus
- Cisco Pix
- Cisco Stealthwatch
- Cisco Umbrella
- Cisco VPN 3000 Concentrator
- Cisco Wireless LAN Controllers
- Cisco Wireless Services Module
play_arrow Citrix
- Citrix
- Citrix Access Gateway
- Citrix NetScaler
play_arrow Cloudera Navigator
- Cloudera Navigator
- Configuring Cloudera Navigator to Communicate with JSA
play_arrow Cloudflare Logs
- Cloudflare Logs
- Cloudflare Logs DSM Specifications
- Configure Cloudflare to send Events to JSA when you use the HTTP Receiver Protocol
- Configuring Cloudflare Logs to Send Events to JSA when you use the Amazon S3 REST API Protocol
- Create an SQS Queue and Configure S3 ObjectCreated Notifications
- Configuring Security Credentials for Your AWS User Account
- HTTP Receiver Log Source Parameters for Cloudflare Logs
- Amazon AWS S3 REST API Log Source Parameters for Cloudflare Logs
- Cloudflare Logs Sample Event Messages
play_arrow CloudPassage Halo
- CloudPassage Halo
- Configuring CloudPassage Halo for Communication with JSA
- Syslog Log Source Parameters for CloudPassage Halo
- Log File Log Source Parameters for CloudPassage Halo
play_arrow CloudLock Cloud Security Fabric
- CloudLock Cloud Security Fabric
- Configuring CloudLock Cloud Security Fabric to Communicate with JSA
play_arrow Correlog Agent for IBM Z/OS
- Correlog Agent for IBM Z/OS
- Configuring Your CorreLog Agent System for Communication with JSA
play_arrow CrowdStrike Falcon
- CrowdStrike Falcon
- CrowdStrike Falcon DSM Specifications
- Configuring CrowdStrike Falcon to Communicate with JSA
- Syslog Log Source Parameters for CrowdStrike Falcon
- CrowdStrike Falcon Host Sample Event Message
play_arrow CRYPTOCard CRYPTO-Shield
- CRYPTOCard CRYPTO-Shield
- Configuring Syslog for CRYPTOCard CRYPTO-Shield
- Syslog Log Source Parameters for CRYPTOCard CRYPTO-Shield
play_arrow CyberArk
- CyberArk
- CyberArk Privileged Threat Analytics
- CyberArk Vault
play_arrow CyberGuard Firewall/VPN Appliance
- CyberGuard Firewall/VPN Appliance
- Configuring Syslog Events
- Syslog Log Source Parameters for CyberGuard
play_arrow Damballa Failsafe
- Damballa Failsafe
- Configuring Syslog for Damballa Failsafe
- Syslog Log Source Parameters for Damballa Failsafe
play_arrow DG Technology MEAS
- DG Technology MEAS
- Configuring Your DG Technology MEAS System for Communication with JSA
play_arrow Digital China Networks (DCN)
- Digital China Networks (DCN)
- Configuring a DCN DCS/DCRS Series Switch
- Syslog Log Source Parameters for DCN DCS/DCRS Series Switches
play_arrow Enterprise-IT-Security.com SF-Sherlock
- Enterprise-IT-Security.com SF-Sherlock
- Configuring Enterprise-IT-Security.com SF-Sherlock to Communicate with JSA
play_arrow Epic SIEM
- Epic SIEM
- Configuring Epic SIEM 2014 to Communicate with JSA
- Configuring Epic SIEM 2015 to Communicate with JSA
- Configuring Epic SIEM 2017 to Communicate with JSA
play_arrow ESET Remote Administrator
- ESET Remote Administrator
- Configuring ESET Remote Administrator to Communicate with JSA
play_arrow Exabeam
- Exabeam
- Configuring Exabeam to Communicate with JSA
- Exabeam Sample Event Message
play_arrow Extreme
- Extreme
- Extreme 800-Series Switch
- Extreme Dragon
- Extreme HiGuard Wireless IPS
- Extreme HiPath Wireless Controller
- Extreme Matrix Router
- Extreme Matrix K/N/S Series Switch
- Extreme NetSight Automatic Security Manager
- Extreme NAC
- Configuring Extreme Stackable and Stand-alone Switches
- Extreme Networks ExtremeWare
- Extreme XSR Security Router
play_arrow F5 Networks
- F5 Networks
- F5 Networks BIG-IP AFM
- F5 Networks BIG-IP APM
- F5 Networks BIG-IP ASM
- F5 Networks BIG-IP LTM
- F5 Networks FirePass
play_arrow Fair Warning
- Fair Warning
- Log File Log Source Parameters for Fair Warning
- Fair Warning Sample Event Messages
play_arrow Fasoo Enterprise DRM
- Fasoo Enterprise DRM
- Configuring Fasoo Enterprise DRM to Communicate with JSA
play_arrow Fidelis XPS
- Fidelis XPS
- Configuring Fidelis XPS
- Syslog Log Source Parameters for Fidelis XPS
- Fidelis XPS Sample Event Messages
play_arrow FireEye
- FireEye
- Configuring Your FireEye System for Communication with JSA
- Configuring Your FireEye HX System for Communication with JSA
- Configuring a FireEye Log Source in JSA
- FireEye Sample Event Message
play_arrow Forcepoint
- Forcepoint
- Forcepoint Stonesoft Management Center
- Forcepoint Sidewinder
- Forcepoint TRITON
- Forcepoint V-Series Data Security Suite
- Forcepoint V-Series Content Gateway
play_arrow ForeScout CounterACT
- ForeScout CounterACT
- Syslog Log Source Parameters for ForeScout CounterACT
- Configuring the ForeScout CounterACT Plug-in
- Configuring ForeScout CounterACT Policies
- ForeScout CounterACT Sample Event Messages
play_arrow Fortinet FortiGate
- Fortinet FortiGate Security Gateway
- Configuring a Syslog Destination on Your Fortinet FortiGate Security Gateway Device
- Configuring a Syslog Destination on Your Fortinet FortiAnalyzer Device
- Fortinet FortiGate Security Gateway Sample Event Messages
- Configuring JSA to Categorize App Ctrl Events for Fortinet Fortigate Security Gateway
play_arrow Foundry FastIron
- Foundry FastIron
- Configuring Syslog for Foundry FastIron
- Syslog Log Source Parameters for Foundry FastIron
play_arrow FreeRADIUS
- FreeRADIUS
- Configuring Your FreeRADIUS Device to Communicate with JSA
play_arrow Generic
- Generic
- Generic authorization Server
- Generic firewall
play_arrow Google Cloud Audit Logs
- Google Cloud Audit Logs
- Google Cloud Audit Logs DSM Specifications
- Configuring Google Cloud Audit Logs to Communicate with JSA
- Google Cloud Pub/Sub Protocol Log Source parameters for Google Cloud Audit Logs
- Google Cloud Audit Logs Sample Event Messages
play_arrow Genua Genugate
- Genua Genugate
- Configuring Genua Genugate to Send Events to JSA
- Genua Genugate Sample Event Messages
play_arrow Google Cloud Platform Firewall
- Google Cloud Platform Firewall
- Google Cloud Platform Firewall DSM Specifications
- Configuring Google Cloud Platform Firewall to Communicate with JSA
- Google Cloud Pub/Sub Log Source Parameters for Google Cloud Platform Firewall
- Sample Event Message
play_arrow Google G Suite Activity Reports
- Google G Suite Activity Reports
- Google G Suite Activity Reports DSM Specifications
- Configuring Google G Suite Activity Reports to Communicate with JSA
- Assigning a Role to a User
- Creating a Service Account with Viewer Access
- Granting API Client Access to a Service Account
- Google G Suite Activity Reports Log Source Parameters
- Google G Suite Activity Reports Sample Event Messages
- Troubleshooting Google G Suite Activity Reports
play_arrow Great Bay Beacon
- Great Bay Beacon
- Configuring Syslog for Great Bay Beacon
- Syslog Log Source Parameters for Great Bay Beacon
play_arrow H3C Technologies
- H3C Technologies
- H3C Comware Platform
play_arrow HBGary Active Defense
- HBGary Active Defense
- Configuring HBGary Active Defense
- Syslog Log Source Parameters for HBGary Active Defense
play_arrow HCL BigFix (formerly known as IBM BigFix)
- HCL BigFix (formerly known as IBM BigFix)
play_arrow Honeycomb Lexicon File Integrity Monitor (FIM)
- Honeycomb Lexicon File Integrity Monitor (FIM)
- Supported Honeycomb FIM Event Types Logged by JSA
- Configuring the Lexicon Mesh Service
- Syslog Log Source Parameters for Honeycomb Lexicon File Integrity Monitor
play_arrow Hewlett Packard Enterprise
- Hewlett Packard Enterprise
- HPE Network Automation
- Configuring HPE Network Automation Software to Communicate with JSA
- HPE ProCurve
- HPE Tandem
- Hewlett Packard Enterprise UniX (HPE-UX)
play_arrow Huawei
- Huawei
- Huawei AR Series Router
- Huawei S Series Switch
play_arrow HyTrust CloudControl
- HyTrust CloudControl
- Configuring HyTrust CloudControl to Communicate with JSA
play_arrow IBM
- IBM
- IBM AIX DSMs
- IBMi
- IBM DB2
- IBM BigFix Detect
- IBM Cloud Platform (formerly known as IBM Bluemix Platform)
- IBM CICS
- IBM DataPower
- IBM DLC Metrics
- IBM Federated Directory Server
- IBM MaaS360 Security
- IBM Guardium
- IBM IMS
- IBM Informix Audit
- IBM Lotus Domino
- IBM Privileged Session Recorder
- IBM Proventia
- IBM RACF
- IBM SAN Volume Controller
- IBM Security Directory Server
- IBM Security Identity Governance
- IBM Security Network IPS (GX)
- IBM Network Security (XGS)
- IBM Security Trusteer
- IBM Security Trusteer Apex Advanced Malware Protection
- IBM Security Trusteer Apex Local Event Aggregator
- IBM Sense
- IBM SmartCloud Orchestrator
- IBM Tivoli Access Manager for E-business
- IBM Web Sphere Application Server
- IBM WebSphere DataPower
- IBM Z/OS
- IBM zSecure Alert
play_arrow ISC BIND
- ISC BIND
- ISC BIND DSM Specifications
- Syslog Log Source Parameters for ISC BIND
- ISC BIND Sample Event Message
play_arrow Illumio Adaptive Security Platform
- Illumio Adaptive Security Platform
- Configuring Illumio Adaptive Security Platform to Communicate with JSA
play_arrow Imperva Incapsula
- Imperva Incapsula
play_arrow Imperva SecureSphere
- Imperva SecureSphere
- Configuring an Alert Action for Imperva SecureSphere
- Configuring a System Event Action for Imperva SecureSphere
- Configuring Imperva SecureSphere V11.0 to V13 to Send Database Audit Records to JSA
play_arrow Infoblox NIOS
- Infoblox NIOS
- Infoblox NIOS DSM Specifications
- Infoblox NIOS Sample Event Message
play_arrow IT-CUBE AgileSI
- IT-CUBE AgileSI
- Configuring AgileSI to Forward Events
- SMB Tail Log Source Parameters for iT-CUBE AgileSI
play_arrow Itron Smart Meter
- Itron Smart Meter
play_arrow Juniper Networks
- Juniper Networks
- Juniper Networks AVT
- Juniper Networks DDoS Secure
- Juniper Networks DX Application Acceleration Platform
- Juniper Networks EX Series Ethernet Switch
- Juniper Networks IDP
- Juniper Networks Infranet Controller
- Juniper Networks Firewall and VPN
- Juniper Networks Junos OS
- Juniper Networks Network and Security Manager
- Juniper Networks Secure Access
- Juniper Networks Security Binary Log Collector
- Juniper Networks Steel-Belted Radius
- Juniper Networks VGW Virtual Gateway
- Juniper Networks Junos OS WebApp Secure
- Juniper Networks WLC Series Wireless LAN Controller
play_arrow Kaspersky
- Kaspersky
- Kaspersky CyberTrace
- Kaspersky Security Center
play_arrow Kisco Information Systems SafeNet/i
- Kisco Information Systems SafeNet/i
- Configuring Kisco Information Systems SafeNet/i to Communicate with JSA
play_arrow Kubernetes Auditing
- Kubernetes Auditing
- Kubernetes Auditing DSM Specifications
- Configuring Kubernetes Auditing to Communicate with JSA
- Kubernetes Auditing Log Source Parameters
- Kubernetes Auditing Sample Event Message
play_arrow Lastline Enterprise
- Lastline Enterprise
- Configuring Lastline Enterprise to Communicate with JSA
play_arrow Lieberman Random Password Manager
- Lieberman Random Password Manager
play_arrow LightCyber Magna
- LightCyber Magna
- Configuring LightCyber Magna to Communicate with JSA
play_arrow Linux
- Linux
- Linux DHCP Server
- Linux IPtables
- Linux OS
play_arrow LOGbinder
- LOGbinder
- LOGbinder EX Event Collection from Microsoft Exchange Server
- LOGbinder SP Event Collection from Microsoft SharePoint
- LOGbinder SQL Event Collection from Microsoft SQL Server
play_arrow McAfee
- McAfee
- JDBC Log Source Parameters for McAfee Application/ Change Control
- McAfee EPolicy Orchestrator
- McAfee MVISION Cloud (formerly known as Skyhigh Networks Cloud Security Platform)
- McAfee Network Security Platform (formerly known as McAfee Intrushield)
- McAfee Web Gateway
play_arrow MetaInfo MetaIP
- Syslog Log Source Parameters for MetaInfo MetaIP
play_arrow Microsoft
- Microsoft
- Microsoft 365 Defender
- Microsoft Azure Active Directory
- Microsoft Azure Platform
- Microsoft Azure Security Center
- Microsoft DHCP Server
- Microsoft DNS Debug
- Microsoft Endpoint Protection
- Microsoft Exchange Server
- Microsoft Hyper-V
- Microsoft IAS Server
- Microsoft IIS Server
- Microsoft ISA
- Microsoft Office 365
- Microsoft Office 365 Message Trace
- JDBC Log Source Parameters for Microsoft Operations Manager
- Microsoft SharePoint
- Microsoft SQL Server
- JDBC Log Source Parameters for Microsoft System Center Operations Manager
- Microsoft Windows Security Event Log
play_arrow Motorola Symbol AP
- Motorola Symbol AP
- Syslog Log Source Parameters for Motorola SymbolAP
- Configure Syslog Events for Motorola Symbol AP
play_arrow Name Value Pair
- Name Value Pair
play_arrow NCC Group DDoS Secure
- NCC Group DDoS Secure
- Configuring NCC Group DDoS Secure to Communicate with JSA
play_arrow NetApp Data ONTAP
- NetApp Data ONTAP
play_arrow Netgate pfSense
- Netgate pfSense
- Netgate pfSense DSM Specifications
- Configuring Netgate pfSense to Communicate with JSA
- Syslog Log Source Parameters for Netgate pfSense
- Sample Event Message
play_arrow Netskope Active
- Netskope Active
- Netskope Active REST API Log Source Parameters for Netskope Active
- Netskope Active Sample Event Message
play_arrow NGINX HTTP Server
- NGINX HTTP Server
- NGINX HTTP Server DSM Specifications
- NGINX HTTP Server Sample Event Message
play_arrow Niksun
- Niksun
play_arrow Nokia Firewall
- Nokia Firewall
- Integration with a Nokia Firewall by Using Syslog
- Integration with a Nokia Firewall by Using OPSEC
play_arrow Nominum Vantio
- Nominum Vantio
play_arrow Nortel Networks
- Nortel Networks
- Nortel Multiprotocol Router
- Nortel Application Switch
- Nortel Contivity
- Nortel Ethernet Routing Switch 2500/4500/5500
- Nortel Ethernet Routing Switch 8300/8600
- Nortel Secure Router
- Nortel Secure Network Access Switch
- Nortel Switched Firewall 5100
- Nortel Switched Firewall 6000
- Nortel Threat Protection System (TPS)
- Nortel VPN Gateway
play_arrow Novell EDirectory
- Novell EDirectory
- Configuring XDASv2 to Forward Events
- Loading the XDASv2 Module
- Loading the XDASv2 on a Linux Operating System
- Loading the XDASv2 on a Windows Operating System
- Configuring Event Auditing Using Novell IManager
- Configuring a Log Source
- Novell eDirectory Sample Event Message
play_arrow Observe IT JDBC
- Observe IT JDBC
play_arrow Okta
- Okta
play_arrow Onapsis Security Platform
- Onapsis Security Platform
- Configuring Onapsis Security Platform to Communicate with JSA
play_arrow OpenBSD
- OpenBSD
- Syslog Log Source Parameters for OpenBSD
- Configuring Syslog for OpenBSD
play_arrow Open LDAP
- Open LDAP
- UDP Multiline Syslog Log Source Parameters for Open LDAP
- Configuring IPtables for Multiline UDP Syslog Events
- Configuring Event Forwarding for Open LDAP
play_arrow Open Source SNORT
- Open Source SNORT
- Configuring Open Source SNORT
- Syslog Log Source Parameters for Open Source SNORT
play_arrow OpenStack
- OpenStack
- Configuring OpenStack to Communicate with JSA
play_arrow Oracle
- Oracle
- Oracle Acme Packet Session Border Controller
- Oracle Audit Vault
- Oracle BEA WebLogic
- Oracle RDBMS Audit Record
- Oracle DB Listener
- Oracle Directory Server overview
- Oracle Enterprise Manager
- Oracle Fine Grained Auditing
- Oracle RDBMS OS Audit Record
- osquery
play_arrow OSSEC
- OSSEC
- Configuring OSSEC
- Syslog Log Source Parameters for OSSEC
play_arrow Palo Alto Networks
- Palo Alto Networks
- Palo Alto Endpoint Security Manager
- Palo Alto Networks PA Series
play_arrow Pirean Access: One
- Pirean Access: One
- JDBC log source parameters for Pirean Access: One
play_arrow PostFix Mail Transfer Agent
- PostFix Mail Transfer Agent
- Configuring Syslog for PostFix Mail Transfer Agent
- UDP Multiline Syslog Log Source Parameters for PostFix MTA
- Configuring IPtables for Multiline UDP Syslog Events
- PostFix Mail Transfer Agent Sample Event Messages
play_arrow ProFTPd
- ProFTPd
- Configuring ProFTPd
- Syslog Log Source Parameters for ProFTPd
play_arrow Proofpoint Enterprise Protection and Enterprise Privacy
- Proofpoint Enterprise Protection and Enterprise Privacy
- Configuring Proofpoint Enterprise Protection and Enterprise Privacy DSM to Communicate with JSA
- Syslog Log Source Parameters for Proofpoint Enterprise Protection and Enterprise Privacy
play_arrow Pulse Secure
- Pulse Secure
play_arrow Pulse Secure Infranet Controller
- Pulse Secure Infranet Controller
play_arrow Pulse Secure Pulse Connect Secure
- Pulse Secure Pulse Connect Secure
- Configuring a Pulse Secure Pulse Connect Secure Device to Send WebTrends Enhanced Log File (WELF) Events to JSA
- Configuring a Pulse Secure Pulse Connect Secure Device to Send Syslog Events to JSA
- Pulse Secure Pulse Connect Secure Sample Event Message
play_arrow Radware
- Radware
- Radware AppWall
- Radware DefensePro
play_arrow Raz-Lee ISecurity
- Raz-Lee ISecurity
- Configuring Raz-Lee ISecurity to Communicate with JSA
- Syslog Log Source Parameters for Raz-Lee iSecurity
play_arrow Redback ASE
- Redback ASE
- Configuring Redback ASE
- Syslog Log Source Parameters for Redback ASE
play_arrow Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes DSM Specifications
- Configuring Red Hat Advanced Cluster Security for Kubernetes to Communicate with JSA
- HTTP Receiver Log Source Parameters for Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Security for Kubernetes Sample Event Messages
play_arrow Resolution1 CyberSecurity
- Resolution1 CyberSecurity
- Configuring Your Resolution1 CyberSecurity Device to Communicate with JSA
- Log File Log Source Parameters for Resolution1 CyberSecurity
play_arrow Riverbed
- Riverbed
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Audit
- Riverbed SteelCentral NetProfiler (Cascade Profiler) Alert
play_arrow RSA Authentication Manager
- RSA Authentication Manager
- Configuration Of Syslog for RSA Authentication Manager 6.x, 7.x and 8.x
- Configuring Linux
- Configuring Windows
- Configuring the Log File Protocol for RSA Authentication Manager 6.x and 7.x
- Configuring RSA Authentication Manager 6.x
- Configuring RSA Authentication Manager 7.x
play_arrow SafeNet DataSecure
- SafeNet DataSecure
- Configuring SafeNet DataSecure to communicate with JSA
play_arrow Salesforce
- Salesforce
- Salesforce Security
- Salesforce Security Auditing
play_arrow Samhain Labs
- Samhain Labs
- Configuring Syslog to Collect Samhain Events
- JDBC Log Source Parameters for Samhain
play_arrow SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection
- SAP Enterprise Threat Detection DSM Specifications
- SAP Enterprise Threat Detection Alert API Log Source Parameters for SAP Enterprise Threat Detection
- Creating a Pattern Filter on the SAP Server
- Troubleshooting the SAP Enterprise Threat Detection Alert API
- SAP Enterprise Threat Detection Sample Event Message
play_arrow Seculert
- Seculert
- Obtaining an API Key
play_arrow Sentrigo Hedgehog
- Sentrigo Hedgehog
play_arrow SolarWinds Orion
- SolarWinds Orion
- Configuring SolarWinds Orion to Communicate with JSA
- SNMP Log Source Parameters for SolarWinds Orion
- Installing the Java Cryptography Extension on JSA
- Solar Winds Orion Sample Event Message
play_arrow SonicWALL
- SonicWALL
- Configuring SonicWALL to Forward Syslog Events
- Syslog Log Source Parameters for SonicWALL
- SonicWALL Sample Event Messages
play_arrow Sophos
- Sophos
- Sophos Enterprise Console
- Sophos PureMessage
- Sophos Astaro Security Gateway
- Sophos Web Security Appliance
play_arrow Sourcefire Intrusion Sensor
- Sourcefire Intrusion Sensor
- Configuring Sourcefire Intrusion Sensor
- Syslog Log Source Parameters for Sourcefire Intrusion Sensor
play_arrow Splunk
- Splunk
- Collecting Windows Events that are Forwarded from Splunk
- TCP Multiline Syslog Log Source Parameters for Splunk
play_arrow Squid Web Proxy
- Squid Web Proxy
- Configuring Syslog Forwarding
- Syslog Log Source Parameters for Squid Web Proxy
- Squid Web Proxy Sample Event Messages
play_arrow SSH CryptoAuditor
- SSH CryptoAuditor
- Configuring an SSH CryptoAuditor Appliance to Communicate with JSA
play_arrow Starent Networks
- Configuring Starent Networks Device to Forward Syslog Events to JSA
play_arrow STEALTHbits
- STEALTHbits
- STEALTHbits StealthINTERCEPT
- STEALTHbits StealthINTERCEPT Alerts
- STEALTHbits StealthINTERCEPT Analytics
play_arrow Sun
- Sun
- Sun ONE LDAP
- Sun Solaris Basic Security Mode (BSM)
- Sun Solaris DHCP
- Sun Solaris OS
- Sun Solaris Sendmail
play_arrow Suricata
- Suricata
- Suricata DSM Specifications
- Configuring Suricata to Communicate with JSA
- Syslog Log Source Parameters for Suricata
- TLS Syslog Log Source Parameters for Suricata
- Suricata Sample Event Message
play_arrow Sybase ASE
- Sybase ASE
- JDBC Log Source Parameters for Sybase ASE
play_arrow Symantec
- Symantec
- Symantec Critical System Protection
- Symantec Data Loss Prevention (DLP)
- Symantec Endpoint Protection
- Symantec Encryption Management Server
- Symantec SGS
- Symantec System Center
play_arrow SysFlow
- SysFlow
- SysFlow DSM Specifications
- Configuring SysFlow agent to communicate with JSA
- Syslog Log Source Parameters for SysFlow
- SysFlow Sample Event Message
play_arrow ThreatGRID Malware Threat Intelligence Platform
- ThreatGRID Malware Threat Intelligence Platform
- Supported Event Collection Protocols for ThreatGRID Malware Threat Intelligence
- ThreatGRID Malware Threat Intelligence Configuration Overview
play_arrow TippingPoint
- TippingPoint
- TippingPoint Intrusion Prevention System
- TippingPoint X505/X506 Device
play_arrow Top Layer IPS
- Top Layer IPS
play_arrow Townsend Security LogAgent
- Townsend Security LogAgent
- Configuring Raz-Lee ISecurity
- Syslog Log Source Parameters for Raz-Lee i Security
play_arrow Trend Micro
- Trend Micro
- Trend Micro Apex Central
- Trend Micro Apex One
- Trend Micro Control Manager
- Trend Micro Deep Discovery Analyzer
- Trend Micro Deep Discovery Director
- Trend Micro Deep Discovery Email Inspector
- Trend Micro Deep Discovery Inspector
- Trend Micro Deep Security
play_arrow Tripwire
- Tripwire
play_arrow Tropos Control
- Tropos Control
play_arrow Universal CEF
- Universal CEF
play_arrow Universal LEEF
- Universal LEEF
play_arrow Vectra Networks Vectra
- Vectra Networks Vectra
- Configuring Vectra Networks Vectra to Communicate with JSA
- Vectra Networks Vectra Sample Event Messages
play_arrow Venustech Venusense
- Venustech Venusense
- Venusense Configuration Overview
- Configuring a Venusense Syslog Server
- Configuring Venusense Event Filtering
- Syslog Log Source Parameters for Venustech Venusense
play_arrow Verdasys Digital Guardian
- Verdasys Digital Guardian
- Configuring IPtables
- Configuring a Data Export
- Syslog Log Source Parameters for Verdasys Digital Guardian
play_arrow Vericept Content 360 DSM
- Vericept Content 360 DSM
play_arrow VMware
- VMware
- VMware AppDefense
- VMware Carbon Black App Control (formerly known as Carbon Black Protection)
- VMware ESX and ESXi
- VMware VCenter
- VMware VCloud Director
- VMware VShield
play_arrow Vormetric Data Security
- Vormetric Data Security
- Vormetric Data Security DSM Integration Process
- Configuring Your Vormetric Data Security Systems for Communication with JSA
- Configuring Vormetric Data Firewall FS Agents to Bypass Vormetric Data Security Manager
- Syslog Log Source Parameters for Vormetric Data Security
play_arrow WatchGuard Fireware OS
- WatchGuard Fireware OS
- Configuring Your WatchGuard Fireware OS Appliance in Policy Manager for Communication with JSA
- Configuring Your WatchGuard Fireware OS Appliance in Fireware XTM for Communication with JSA
- Syslog Log Source Parameters for WatchGuard Fireware OS
play_arrow Websense
- Websense
play_arrow Zscaler Nanolog Streaming Service
- Zscaler Nanolog Streaming Service
- Zscaler NSS DSM Specifications
- Syslog Log Source Parameters for Zscaler NSS
- Zscaler NSS Sample Event Message
play_arrow Zscaler Private Access
- Zscaler Private Access
- Zscaler Private Access DSM Specifications
- Configuring Zscaler Private Access to Send Events to JSA
- Syslog Log Source Parameters for Zscaler Private Access
- Zscaler Private Access Sample Event Messages
play_arrow JSA Supported DSMs
- JSA Supported DSMs

list Table of Contents

English

keyboard_arrow_right

Vectra Networks Vectra Sample Event Messages

date_range 21-Jul-21

arrow_backward

arrow_forward

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Vectra Networks Vectra Sample Messages when you use the Syslog Protocol

Sample 1: The following sample event message shows when samba is exploited.

content_copy zoom_out_map
<13>Jul 9 07:54:46 vectranetworks.vectra.test vectra_cef -: CEF:0|Vectra Networks|X Series|4.2|
smb_brute_force|SMB Brute-Force|7|externalId=9481 cat=LATERAL MOVEMENT dvc=10.97.41.41
dvchost=10.97.41.41 shost=hostname123.example.com src=10.125.64.136 flexNumber1Label=threat
flexNumber1=70 flexNumber2Label=certainty flexNumber2=59 cs4Label=Vectra Event URL cs4=https://
www.Qradar.test/paths/resources1.ext cs5Label=triaged cs5=False dst=10.160.0.145 dhost= proto=
dpt=445 out=None in=None start=1531119062000 end=1531119099000

Table 1: Highlighted Values in the Vectra Networks Vectra Sample Event
JSA field name	Highlighted values in the event payload
Event ID	SMB Brute-Force
Event Category	LATERAL MOVEMENT
Source IP	10.125.64.136
Destination IP	10.160.0.145
Destination Port	445

Sample 2: The following sample event message shows that there is suspicious activity.

content_copy zoom_out_map
<13>Oct 22 07:17:40 vectranetworks.vectra.test vectra_cef -: CEF:0|Vectra Networks|X Series|4.5|
kerberos_account_anomaly|Suspicious Kerberos Account|1|externalId=13841 cat=LATERAL MOVEMENT
dvc=10.97.41.41 dvchost=10.97.41.41 shost=spek006odc src=10.97.48.6 flexNumber1Label=threat
flexNumber1=10 flexNumber2Label=certainty flexNumber2=95 cs4Label=Vectra Event URL cs4=https://
www.Qradar.test/paths/resources1.ext cs5Label=triaged cs5=False dst=10.160.0.90 dhost= proto=
dpt=80 out=None in=None start=1540183389000 end=1540185634000

Table 2: Highlighted Values in the Vectra Networks Vectra Sample Event
JSA field name	Highlighted values in the event payload
Event ID	Suspicious Kerberos Account
Event Category	LATERAL MOVEMENT
Source IP	10.97.48.6
Destination IP	10.160.0.90
Destination Port	80

arrow_backward PREVIOUS Configuring Vectra Networks Vectra to Communicate with JSA

NEXT arrow_forward Venustech Venusense

footer-navigation