FireEye Sample Event Message
Use this sample event message to verify a successful integration with JSA.
Note:
Because of page formatting, the sample message is wrapped across several lines. Paste it into a text editor and remove any carriage return or line feed characters so that the message is a single line before you use it.
FireEye sample message when you use the Syslog or TLS syslog protocol
The following sample event message shows that an Indicator of Compromise (IOC) was detected by FireEye HX on the Windows 10 host test-host1 (192.168.1.172). The hit is reported as CEF signature "IOC Hit Found" with severity 10, and the matched IOC name is carried in the custom field cs4 (cs4Label=IOC Name).
<149>Jul 23 18:54:24 fireeye.mps.test cef[5159]: CEF:0|fireeye|HX|4.8.0|IOC Hit Found|IOC Hit Found|10|rt=Jul 23 2019 16:54:24 UTC dvchost=fireeye.mps.test categoryDeviceGroup=/IDS categoryDeviceType=Forensic Investigation categoryObject=/Host cs1Label=Host Agent Cert Hash cs1=fwvqcmXUHVcbm4AFK01cim dst=192.168.1.172 dmac=00-00-5e-00-53-00 dhost=test-host1 dntdom=test deviceCustomDate1Label=Agent Last Audit deviceCustomDate1=Jul 23 2019 16:54:22 UTC cs2Label=FireEye Agent Version cs2=29.7.0 cs5Label=Target GMT Offset cs5=+PT2H cs6Label=Target OS cs6=Windows 10 Pro 17134 externalId=17688554 start=Jul 23 2019 16:53:18 UTC categoryOutcome=/Success categorySignificance=/Compromise categoryBehavior=/Found cs7Label=Resolution cs7=ALERT cs8Label=Alert Types cs8=exc act=Detection IOC Hit msg=Host test-host1 IOC compromise alert categoryTupleDescription=A Detection IOC found a compromise indication. cs4Label=IOC Name cs4=SVCHOST SUSPICIOUS PARENT PROCESS (METHODOLOGY) categoryTechnique=Alert
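To check what a collector should extract from this record before you compare it with what JSA shows, the following Python parser (an added example, not code from the JSA or FireEye documentation) splits the syslog PRI, the seven pipe-delimited CEF header fields and the space-separated extension, and resolves the csNLabel/deviceCustomDateNLabel pairs so the IOC name can be read as "IOC Name" rather than cs4. It also applies the note above by dropping any CR/LF characters that a copy-paste wrapped into the message. SAMPLE_EVENT is a constructed copy of the page's sample, joined into one line; the function names and the summary field names are this example's own choices.

```python
import re

# Constructed copy of the "IOC Hit Found" sample event from this page, joined back
# into one line. Treat it as test input, not as a message captured from a device.
SAMPLE_EVENT = (
    "<149>Jul 23 18:54:24 fireeye.mps.test cef[5159]: "
    "CEF:0|fireeye|HX|4.8.0|IOC Hit Found|IOC Hit Found|10|"
    "rt=Jul 23 2019 16:54:24 UTC dvchost=fireeye.mps.test categoryDeviceGroup=/IDS "
    "categoryDeviceType=Forensic Investigation categoryObject=/Host "
    "cs1Label=Host Agent Cert Hash cs1=fwvqcmXUHVcbm4AFK01cim dst=192.168.1.172 "
    "dmac=00-00-5e-00-53-00 dhost=test-host1 dntdom=test "
    "deviceCustomDate1Label=Agent Last Audit deviceCustomDate1=Jul 23 2019 16:54:22 UTC "
    "cs2Label=FireEye Agent Version cs2=29.7.0 cs5Label=Target GMT Offset cs5=+PT2H "
    "cs6Label=Target OS cs6=Windows 10 Pro 17134 externalId=17688554 "
    "start=Jul 23 2019 16:53:18 UTC categoryOutcome=/Success "
    "categorySignificance=/Compromise categoryBehavior=/Found cs7Label=Resolution cs7=ALERT "
    "cs8Label=Alert Types cs8=exc act=Detection IOC Hit msg=Host test-host1 IOC compromise alert "
    "categoryTupleDescription=A Detection IOC found a compromise indication. "
    "cs4Label=IOC Name cs4=SVCHOST SUSPICIOUS PARENT PROCESS (METHODOLOGY) categoryTechnique=Alert"
)

SYSLOG_PRI = re.compile(r"^<(?P<pri>\d{1,3})>")
# Header fields are '|' separated; a literal pipe inside a field is escaped as '\|'.
HEADER_PIPE = re.compile(r"(?<!\\)\|")
# Extension values may contain spaces, so a value runs until the next ' key=' token.
EXT_PAIR = re.compile(r"(?P<key>[A-Za-z0-9_]+)=(?P<value>.*?)(?=\s+[A-Za-z0-9_]+=|$)")
CUSTOM_LABEL = re.compile(r"^(?P<base>(?:cs|cn|cfp|flexString|flexDate|deviceCustomDate)\d+)Label$")
HEADER_NAMES = ("cef_version", "device_vendor", "device_product", "device_version",
                "signature_id", "name", "severity")


def normalize_record(text):
    """Apply the page's note: drop CR/LF that a copy-paste wrapped into the message."""
    return text.replace("\r", "").replace("\n", "").strip()


def _unescape_ext(value):
    # CEF escapes '\', '=' and newlines inside extension values with a backslash.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(text):
    """Parse one syslog-wrapped CEF record into syslog PRI, header, extension and labels."""
    record = normalize_record(text)
    pri_match = SYSLOG_PRI.match(record)
    if pri_match is None:
        raise ValueError("record does not start with a syslog <PRI> value")
    pri = int(pri_match.group("pri"))
    cef_start = record.find("CEF:")
    if cef_start < 0:
        raise ValueError("record carries no CEF: payload")
    parts = HEADER_PIPE.split(record[cef_start:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs seven '|' separated fields before the extension")
    header = {name: re.sub(r"\\([|\\])", r"\1", val) for name, val in zip(HEADER_NAMES, parts[:7])}
    header["cef_version"] = header["cef_version"].split(":", 1)[1]   # "CEF:0" -> "0"
    header["severity"] = int(header["severity"])
    extension = {m.group("key"): _unescape_ext(m.group("value"))
                 for m in EXT_PAIR.finditer(parts[7].strip())}
    # Resolve csNLabel / deviceCustomDateNLabel pairs so callers can ask for "IOC Name"
    # instead of remembering that this event puts it in cs4.
    custom = {}
    for key, label in extension.items():
        m = CUSTOM_LABEL.match(key)
        if m and m.group("base") in extension:
            custom[label] = extension[m.group("base")]
    return {"facility": pri // 8, "syslog_severity": pri % 8,
            "header": header, "extension": extension, "custom": custom}


def ioc_hit_summary(parsed):
    """Return the fields an analyst triages first, or None when the event is not an IOC hit."""
    h, e, c = parsed["header"], parsed["extension"], parsed["custom"]
    if h["signature_id"] != "IOC Hit Found" or e.get("categorySignificance") != "/Compromise":
        return None
    return {"alert_id": e.get("externalId"), "host": e.get("dhost"), "ip": e.get("dst"),
            "domain": e.get("dntdom"), "ioc": c.get("IOC Name"), "resolution": c.get("Resolution"),
            "agent_version": c.get("FireEye Agent Version"), "severity": h["severity"],
            "detected_at": e.get("rt")}


if __name__ == "__main__":
    for field, value in ioc_hit_summary(parse_cef(SAMPLE_EVENT)).items():
        print(f"{field:>14}: {value}")
```

The extension split relies on the producer escaping "=" inside values as CEF requires; a value such as an unescaped URL query string would be cut at its first "key=" token, which is the same ambiguity a collector faces. The PRI <149> decodes to facility 18 (local2) and syslog severity 5 (notice), independent of the CEF severity of 10 in the header, so filter on the right one when you tune the log source.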