The Fidelis XPS DSM for JSA accepts events that are forwarded in Log Enhanced Event Protocol (LEEF) from Fidelis XPS appliances by using syslog.
JSA can collect all relevant alerts that are triggered by policy and rule violations that are configured on your Fidelis XPS appliance.
Event Type Format
Fidelis XPS must be configured to generate events in Log Enhanced Event Protocol (LEEF) and forward these events by using syslog. The LEEF format consists of a pipe-delimited (|) syslog header and tab-separated fields that are positioned in the event payload.
If the syslog events forwarded from your Fidelis XPS are not in LEEF format, you must examine your device configuration or software version to ensure that your appliance supports LEEF. Properly formatted LEEF event messages are automatically discovered and added as a log source to JSA.
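The following added example (not part of the Fidelis or JSA documentation) checks captured syslog lines for the pipe-delimited header and tab-separated payload described above, which helps when events are not being discovered as a log source. It assumes the LEEF 1.0 header layout; the sample lines and their vendor, product, version and event ID values are constructed placeholders.

```python
import re

# Assumed LEEF 1.0 layout: LEEF:version|vendor|product|product version|event ID|payload
LEEF_RE = re.compile(
    r"LEEF:(?P<leef_version>[^|]+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)"
    r"\|(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<payload>.*)$", re.DOTALL)

def parse_leef(line):
    """Return header fields plus an 'attrs' dict, or None if the line is not LEEF."""
    m = LEEF_RE.search(line)  # search() skips the syslog priority, timestamp and host
    if m is None:
        return None
    event = m.groupdict()
    attrs = {}
    for field in event.pop("payload").rstrip("\r\n").split("\t"):
        key, sep, value = field.partition("=")
        if sep and key:
            attrs[key] = value
    event["attrs"] = attrs
    return event

def check(line):
    """Classify one received syslog line: ok, tabs-lost, no-fields or not-leef."""
    event = parse_leef(line)
    if event is None:
        return "not-leef"
    if not event["attrs"]:
        return "no-fields"
    # Heuristic: a value that itself contains " key=" suggests a relay turned tabs into spaces.
    if any(re.search(r" \w+=", v) for v in event["attrs"].values()):
        return "tabs-lost"
    return "ok"

# Constructed sample lines; the vendor, product, version and event ID values are placeholders.
SAMPLES = [
    "<13>Jan 18 11:07:53 xps01 LEEF:1.0|Fidelis|XPS|0.0|alert|src=192.0.2.10\tdst=198.51.100.7\tsev=4",
    "<13>Jan 18 11:07:54 xps01 LEEF:1.0|Fidelis|XPS|0.0|alert|src=192.0.2.10 dst=198.51.100.7 sev=4",
    "<13>Jan 18 11:07:55 xps01 alert: policy violation from 192.0.2.10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample), "|", sample)
```

A "tabs-lost" result usually points at an intermediate syslog relay rewriting control characters rather than at the appliance itself.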