STEALTHbits StealthINTERCEPT Alerts

 

JSA collects alerts logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Alerts DSM.

The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Alerts DSM:

Table 1: STEALTHbits StealthINTERCEPT Alerts DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | STEALTHbits Technologies |
| DSM name | STEALTHbits StealthINTERCEPT Alerts |
| RPM file name | DSM-STEALTHbitsStealthINTERCEPTAlerts-JSA_version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog LEEF |
| Recorded event types | Active Directory Alerts Events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |

To integrate STEALTHbits StealthINTERCEPT with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • DSMCommon RPM

    • STEALTHbitsStealthINTERCEPT RPM

    • STEALTHbitsStealthINTERCEPTAlerts RPM

  2. Configure your STEALTHbits StealthINTERCEPT device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Alerts log source on the JSA Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Alerts event collection:

    Table 2: STEALTHbits StealthINTERCEPT Alerts Log Source Parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | STEALTHbits StealthINTERCEPT Alerts |
    | Protocol Configuration | Syslog |

Collecting Alerts Logs from STEALTHbits StealthINTERCEPT

To collect all alerts logs from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Click Configuration > Syslog Server.
  4. Configure the following parameters:

    | Parameter | Description |
    | --- | --- |
    | Host Address | The IP address of the JSA console |
    | Port | 514 |

  5. Click Import mapping file.
  6. Select the SyslogLeefTemplate.txt file and press Enter.
  7. Click Save.
  8. On the Administration Console, click Actions.
  9. Select the mapping file that you imported, and then select the Send to Syslog check box.

    Tip: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

  10. Click Add.
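
If JSA does not detect the log source after these steps, it helps to confirm that the lines arriving on port 514 really carry a LEEF header. The following Python check is an added example, not part of the original procedure or of either product; it parses the standard LEEF 1.0 and 2.0 layouts, and the sample lines (vendor, product, event ID, attributes) are constructed placeholders, not real StealthINTERCEPT output.

```python
import re

# LEEF header: LEEF:version|vendor|product|product version|event ID|...
HEADER = re.compile(
    r"LEEF:(?P<version>[12]\.0)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)"
    r"\|(?P<product_version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<rest>.*)", re.S)
# LEEF 2.0 delimiter field: one literal character, or hex such as x5E / 0x5E
DELIM = re.compile(r"(?:0?x(?P<hex>[0-9A-Fa-f]{2,4})|(?P<char>.))", re.S)

def parse_leef(line):
    """Parse one syslog line; return header fields plus attrs, or None if not LEEF."""
    m = HEADER.search(line.rstrip("\r\n"))
    if m is None:
        return None
    event = m.groupdict()
    rest, delim = event.pop("rest"), "\t"  # LEEF 1.0 attributes are tab-separated
    if event["version"] == "2.0":
        spec, sep, tail = rest.partition("|")
        d = DELIM.fullmatch(spec) if sep else None
        if d:  # delimiter field present; otherwise tab stays the default
            delim = chr(int(d["hex"], 16)) if d["hex"] else d["char"]
            rest = tail
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, _, value = pair.partition("=")
        attrs[key.strip()] = value
    event["attrs"] = attrs
    return event

def non_leef_lines(lines):
    """Return the 1-based positions of lines that carry no LEEF header."""
    return [n for n, line in enumerate(lines, 1) if parse_leef(line) is None]

# Constructed sample lines (vendor, product, event ID and attributes are placeholders).
SAMPLE = [
    "<13>Jan 12 09:15:02 si-host LEEF:1.0|VENDOR|PRODUCT|0.0|EVENT_ID|usrName=alice\tsrc=192.0.2.10",
    "<13>Jan 12 09:15:03 si-host LEEF:2.0|VENDOR|PRODUCT|0.0|EVENT_ID|^|usrName=bob^src=192.0.2.11",
    "<13>Jan 12 09:15:04 si-host plain text alert without the LEEF template",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_leef(line))
    print("not LEEF:", non_leef_lines(SAMPLE))
```

Lines reported as not LEEF usually mean the action is sending events without the imported mapping file selected.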