LightCyber Magna

The JSA DSM for LightCyber Magna collects events from a LightCyber Magna device.

The following table describes the specifications for the LightCyber Magna DSM:

Table 1: LightCyber Magna DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | LightCyber |
| DSM name | LightCyber Magna |
| RPM file name | DSM-LightCyberMagna-JSA_version-build_number.noarch.rpm |
| Supported versions | 3.9 |
| Protocol | Syslog |
| Event format | LEEF |
| Recorded event types | C&C, Exfilt, Lateral, Malware, Recon |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | LightCyber website (https://www.lightcyber.com) |

To integrate LightCyber Magna with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • DSMCommon RPM

    • LightCyber Magna DSM RPM

  2. Configure your LightCyber Magna device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a LightCyber Magna log source on the JSA console. The following table describes the parameters that require specific values to collect events from LightCyber Magna:

    Table 2: LightCyber Magna Log Source Parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | LightCyber Magna |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | Type a unique identifier for the log source. |

  4. To verify that JSA is configured correctly, review the following table to see an example of a normalized audit event message.

    The following table shows a sample event message from LightCyber Magna:

    Table 3: LightCyber Magna Sample Message

    Event name: Suspicious Riskware

    Low level category: Misc Malware

    Sample log message:

    LEEF:2.0|LightCyber|Magna|3.7.3.0|New indicator|type=Riskware sev=7 devTime=Sep 18 2016 08:26:08 devTimeFormat=MMM dd yyyy HH:mm:ss devTimeEnd=Sep 29 2016 15:26:47 devTimeEndFormat=MMM dd yyyy HH:mm:ss msg=Riskware alert (0) app= dstPort= usrName= shostId=4d4bc779-059b-4d0e-b054-4c8df4529828 shost=PC04 src=127.0.0.1 srcMAC=00-50-50-50-00-f0 status=Suspicious filePath=c:\program files\galaxy must\galaxy must.exe malwareName=W32.HfsAutoB.3DF2 fileHash=d836433d538d864d21a4e0f7d66e30d2 externalId=16100 sdeviceExternalId=32373337-3938-5A43-4A35-313030303336
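To check the feed outside JSA before relying on step 4, the following added example (not part of the Juniper or LightCyber documentation) parses the Table 3 sample, with its line-wrap spaces removed, into LEEF header fields and attributes and reports basic problems. The function names, the space-separated attribute layout taken from the page rendering, and the single mapped devTimeFormat are assumptions.

```python
import re
from datetime import datetime

# Constructed input: Table 3 sample with the page's line-wrap spaces removed.
SAMPLE = (
    r"LEEF:2.0|LightCyber|Magna|3.7.3.0|New indicator|type=Riskware sev=7 "
    r"devTime=Sep 18 2016 08:26:08 devTimeFormat=MMM dd yyyy HH:mm:ss "
    r"devTimeEnd=Sep 29 2016 15:26:47 devTimeEndFormat=MMM dd yyyy HH:mm:ss "
    r"msg=Riskware alert (0) app= dstPort= usrName= "
    r"shostId=4d4bc779-059b-4d0e-b054-4c8df4529828 shost=PC04 src=127.0.0.1 "
    r"srcMAC=00-50-50-50-00-f0 status=Suspicious "
    r"filePath=c:\program files\galaxy must\galaxy must.exe "
    r"malwareName=W32.HfsAutoB.3DF2 fileHash=d836433d538d864d21a4e0f7d66e30d2 "
    r"externalId=16100 sdeviceExternalId=32373337-3938-5A43-4A35-313030303336"
)

# A key is a word followed by "=" at the start of the body or after whitespace.
KEY = re.compile(r"(?:^|\s)([A-Za-z]\w*)=")
HEADER_FIELDS = ("vendor", "product", "version", "event_id")

def parse_leef(line):
    """Return (header, attrs) for a LEEF line with no delimiter header field."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF event")
    header = dict(zip(HEADER_FIELDS, (p.strip() for p in parts[1:5])))
    header["leef_version"] = parts[0][len("LEEF:"):]
    body, attrs = parts[5], {}
    keys = list(KEY.finditer(body))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        attrs[m.group(1)] = body[m.end():end].strip()  # values may hold spaces
    return header, attrs

def check_event(line):
    """Return a list of problems that point to a misconfigured feed."""
    header, attrs = parse_leef(line)
    problems = []
    if (header["vendor"], header["product"]) != ("LightCyber", "Magna"):
        problems.append("unexpected vendor/product in header")
    sev = attrs.get("sev", "")  # LEEF sev is an integer from 1 to 10
    if not sev.isdecimal() or not 1 <= int(sev) <= 10:
        problems.append("sev missing or outside 1-10")
    try:  # only the devTimeFormat seen in the sample is mapped (assumption)
        if attrs.get("devTimeFormat") != "MMM dd yyyy HH:mm:ss":
            raise ValueError
        datetime.strptime(attrs.get("devTime", ""), "%b %d %Y %H:%M:%S")
    except ValueError:
        problems.append("devTime does not match devTimeFormat")
    return problems
```

On a live feed the attributes may arrive tab-separated; the key pattern accepts any whitespace before a key, so the same parser applies.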