Supported Event Collection Protocols for ThreatGRID Malware Threat Intelligence
ThreatGRID Malware Threat Intelligence Platform writes malware events that are readable by JSA.
The LEEF creation script is configured on the ThreatGRID appliance and queries the ThreatGRID API to write LEEF events that are readable by JSA. The event collection protocol your log source uses to collect malware events is based on the script you install on your ThreatGRID appliance.
Two script options are available for collecting LEEF formatted events:
Syslog- The syslog version of the LEEF creation script allows your ThreatGRID appliance to forward events directly to JSA. Events that are forwarded by the syslog script are automatically discovered by JSA.
Log file- The log file protocol version of the LEEF creation script allows the ThreatGRID appliance to write malware events to a file. JSA uses the log file protocol to communicate with the event log host to retrieve and parse malware events.
The LEEF creation script is available from ThreatGRID customer support. For more information, see the ThreatGRID websitehttp://www.threatgrid.com or email ThreatGRID support at email@example.com.