LightCyber Magna

The JSA DSM for LightCyber Magna collects events from a LightCyber Magna device.

The following table describes the specifications for the LightCyber Magna DSM:

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Table 1: LightCyber Magna DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | LightCyber |
| DSM name | LightCyber Magna |
| RPM file name | DSM-LightCyberMagna-JSA_version-build_number.noarch.rpm |
| Supported versions | 3.9 |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | C&C, Exfilt, Lateral, Malware, Recon |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | LightCyber website (https://www.lightcyber.com) |

To integrate LightCyber Magna with JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs from Juniper Downloads and install them on your JSA Console:

    • DSMCommon RPM

    • LightCyber Magna DSM RPM

  2. Configure your LightCyber Magna device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a LightCyber Magna log source on the JSA console. The following table describes the parameters that require specific values to collect events from LightCyber Magna:

    Table 2: LightCyber Magna Log Source Parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | LightCyber Magna |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | Type a unique identifier for the log source. |

  4. To verify that JSA is configured correctly, review the following table to see an example of a normalized audit event message.

    The following table shows a sample event message from LightCyber Magna:

    Table 3: LightCyber Magna Sample Message

    | Event name | Low level category |
    | --- | --- |
    | Suspicious Riskware | Misc Malware |

    Sample log message:

    LEEF:2.0|LightCyber|Magna|3.7.3.0|New indicator|type=Riskware sev=7 devTime=Sep 18 2016 08:26:08 devTimeFormat=MMM dd yyyy HH:mm:ss devTimeEnd=Sep 29 2016 15:26:47 devTimeEndFormat=MMM dd yyyy HH:mm:ss msg=Riskware alert (0 ) app= dstPort= usrName= shostId=xxxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx shost=PC04 src=<Source_IP_address> srcMAC=<Source_MAC_address> status=Suspicious filePath=c:\program files\galaxy must\galaxy must.exe malwareName=W32.HfsAutoB.3DF2 fileHash=d836433d538d864d21a4e0f7d66e30d2 externalId=16100 sdeviceExternalId=32373337-3938-5A43-4A35-313030303336
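
As an added example (not Juniper or LightCyber code), the following Python parses the Table 3 sample once its line breaks are removed and checks that devTime and devTimeEnd match their declared formats. The function names, the joined SAMPLE string and the fallback for space-flattened copies are assumptions made for this illustration; LEEF 2.0 attributes are tab-delimited by default, and the header is assumed to carry no custom delimiter field, as in the sample.

```python
import re
from datetime import datetime

# Constructed input: the Table 3 sample joined onto one line, placeholders kept.
SAMPLE = (
    r"LEEF:2.0|LightCyber|Magna|3.7.3.0|New indicator|type=Riskware sev=7 "
    r"devTime=Sep 18 2016 08:26:08 devTimeFormat=MMM dd yyyy HH:mm:ss "
    r"devTimeEnd=Sep 29 2016 15:26:47 devTimeEndFormat=MMM dd yyyy HH:mm:ss "
    r"msg=Riskware alert (0 ) app= dstPort= usrName= "
    r"shostId=xxxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx shost=PC04 "
    r"src=<Source_IP_address> srcMAC=<Source_MAC_address> status=Suspicious "
    r"filePath=c:\program files\galaxy must\galaxy must.exe "
    r"malwareName=W32.HfsAutoB.3DF2 fileHash=d836433d538d864d21a4e0f7d66e30d2 "
    r"externalId=16100 sdeviceExternalId=32373337-3938-5A43-4A35-313030303336"
)

# "key=value" where the value runs up to the next " key=" or the end of input,
# so values that contain spaces (devTime, msg, filePath) stay whole.
_ATTR = re.compile(r"(?:^|\s)(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)
# Assumption: only the Java date pattern that appears in the sample is mapped.
_JAVA_TO_STRPTIME = {"MMM dd yyyy HH:mm:ss": "%b %d %Y %H:%M:%S"}


def parse_leef(line):
    """Split a LEEF 2.0 line into (header dict, attribute dict)."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF event with five header fields")
    header = dict(zip(("leef", "vendor", "product", "version", "event_id"), parts))
    body = parts[5]
    if "\t" in body:  # as sent over syslog: tab-delimited, split exactly
        pairs = [kv.partition("=")[::2] for kv in body.split("\t") if "=" in kv]
    else:             # copy flattened to spaces: infer attribute boundaries
        pairs = _ATTR.findall(body)
    return header, {k: v.strip() for k, v in pairs}


def check_event(line):
    """Return a list of problems found in a LightCyber Magna LEEF event."""
    header, attrs = parse_leef(line)
    problems = []
    if (header["vendor"], header["product"]) != ("LightCyber", "Magna"):
        problems.append("unexpected vendor/product")
    for field in ("devTime", "devTimeEnd"):
        fmt = _JAVA_TO_STRPTIME.get(attrs.get(field + "Format", ""))
        try:
            datetime.strptime(attrs[field], fmt)
        except (KeyError, TypeError, ValueError):
            problems.append(f"{field} does not match its declared format")
    return problems
```

A copy that still has a line break inside devTime is reported by check_event instead of being parsed silently.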