STEALTHbits StealthINTERCEPT Analytics

 

JSA collects analytics logs from a STEALTHbits StealthINTERCEPT server by using STEALTHbits StealthINTERCEPT Analytics DSM.

The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:

Table 1: STEALTHbits StealthINTERCEPT Analytics DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | STEALTHbits Technologies |
| DSM name | STEALTHbits StealthINTERCEPT Analytics |
| RPM file name | DSM-STEALTHbitsStealthINTERCEPTAnalytics-JSA_version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog LEEF |
| Recorded event types | Active Directory Analytics Events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |

Integrate STEALTHbits StealthINTERCEPT with JSA by completing the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console in the order that they are listed:

    • DSMCommon RPM

    • STEALTHbitsStealthINTERCEPT RPM

    • STEALTHbitsStealthINTERCEPTAnalytics RPM

  2. Configure your STEALTHbits StealthINTERCEPT device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the JSA Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:

    Table 2: STEALTHbits StealthINTERCEPT Analytics Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | STEALTHbits StealthINTERCEPT Analytics |
    | Protocol Configuration | Syslog |

Collecting Analytics Logs from STEALTHbits StealthINTERCEPT

To collect all analytics logs from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Click Configuration > Syslog Server.
  4. Configure the following parameters:

    | Parameter | Description |
    |---|---|
    | Host Address | The IP address of the JSA console |
    | Port | 514 |

  5. Click Import mapping file.
  6. Select the SyslogLeefTemplate.txt file and press Enter.
  7. Click Save.
  8. On the Administration Console, click Actions.
  9. Select the mapping file that you imported, and then select the Send to Syslog check box.

    Tip: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

  10. Click Add.
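
If JSA does not discover the log source after these steps, one check is whether the lines arriving on port 514 are well-formed LEEF, since a header that is missing or attribute tabs rewritten as spaces in transit will keep the DSM from parsing them. The checker below is an added example, not part of the JSA or StealthINTERCEPT documentation; it assumes the standard LEEF 1.0/2.0 header layout, and the sample lines, host name, and vendor, product and event strings are constructed placeholders.

```python
import re

HEADER = re.compile(r"LEEF:(1\.0|2\.0)\|")

def check_leef(line):
    """Return (fields, problems) for one received syslog line."""
    m = HEADER.search(line)
    if not m:
        return {}, ["no LEEF:1.0| or LEEF:2.0| header"]
    version = m.group(1)
    # Header after the version: vendor|product|product version|event ID|.
    # Assumption: LEEF 2.0 lines carry one more field, the attribute delimiter.
    n = 4 if version == "1.0" else 5
    parts = line[m.end():].split("|", n)
    if len(parts) <= n:
        return {}, ["header has fewer than %d pipe-delimited fields" % n]
    names = ("vendor", "product", "product_version", "event_id")
    fields = dict(zip(names, parts[:4]))
    problems = ["empty header field: " + k for k, v in fields.items() if not v.strip()]
    delim = "\t"  # LEEF 1.0 attributes are tab-separated
    if version == "2.0" and parts[4]:
        # Delimiter is a literal character or a hex code such as x5E or 0x5E.
        h = re.fullmatch(r"0?x([0-9A-Fa-f]{2,4})", parts[4])
        delim = chr(int(h.group(1), 16)) if h else parts[4]
    attrs = {}
    for pair in parts[n].rstrip("\r\n").split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
        elif pair:
            problems.append("attribute without key=value: %r" % pair)
    # Heuristic: tabs rewritten as spaces fold later attributes into one value.
    if any(re.search(r" \w+=", v) for v in attrs.values()):
        problems.append("attributes look space-separated; delimiter lost")
    fields["attrs"] = attrs
    return fields, problems

# Constructed sample lines; vendor, product and event names are placeholders.
HDR = "<13>Jan 10 12:00:00 sihost LEEF:1.0|ExampleVendor|ExampleProduct|3.3|ExampleEvent|"
SAMPLES = {
    "tabs": HDR + "src=192.0.2.10\tusrName=alice\tsev=5",
    "spaces": HDR + "src=192.0.2.10 usrName=alice sev=5",
    "plain": "<13>Jan 10 12:00:00 sihost analytics event text",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, check_leef(line)[1] or "OK")
```

An empty problem list means the header and attributes parsed cleanly; any other result points at the syslog template or the transport path rather than at the JSA log source definition.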