STEALTHbits StealthINTERCEPT Alerts
JSA collects alerts logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Alerts DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Alerts DSM:
Specification | Value |
---|---|
Manufacturer | STEALTHbits Technologies |
DSM name | STEALTHbits StealthINTERCEPT Alerts |
RPM file name | DSM-STEALTHbitsStealthINTERCEPTAlerts-JSA_version-build_number.noarch.rpm |
Supported versions | 3.3 |
Protocol | Syslog LEEF |
Recorded event types | Active Directory Alerts Events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |
To integrate STEALTHbits StealthINTERCEPT with JSA, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA console:
  - DSMCommon RPM
  - STEALTHbitsStealthINTERCEPT RPM
  - STEALTHbitsStealthINTERCEPTAlerts RPM
- Configure your STEALTHbits StealthINTERCEPT device to send syslog events to JSA.
If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Alerts log source on the JSA Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Alerts event collection:
Table 2: STEALTHbits StealthINTERCEPT Alerts Log Source Parameters
Parameter | Value |
---|---|
Log Source type | STEALTHbits StealthINTERCEPT Alerts |
Protocol Configuration | Syslog |
Collecting Alerts Logs from STEALTHbits StealthINTERCEPT
To collect all alerts logs from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.
- Log in to your STEALTHbits StealthINTERCEPT server.
- Start the Administration Console.
- Click Configuration > Syslog Server.
- Configure the following parameters:

  Parameter | Description |
  ---|---|
  Host Address | The IP address of the JSA console |
  Port | 514 |

- Click Import mapping file.
- Select the SyslogLeefTemplate.txt file and press Enter.
- Click Save.
- On the Administration Console, click Actions.
- Select the mapping file that you imported, and then select the Send to Syslog check box.

  Tip: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
- Click Add.
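
After the mapping file is active, a syslog line captured on the way to port 514 can be checked for a well-formed LEEF header and intact attribute delimiters. The Python below is an added example, not part of the Juniper or STEALTHbits documentation. The function name `parse_leef` is hypothetical, and the sample lines with their vendor, product, event ID and attribute names are constructed rather than taken from SyslogLeefTemplate.txt. It handles both LEEF 1.0 and LEEF 2.0 headers, which goes beyond what the page states about the format.

```python
import re

# LEEF header: LEEF:<ver>|<vendor>|<product>|<product version>|<event ID>|
# LEEF 2.0 may add one more header field naming the attribute delimiter;
# otherwise (and always in LEEF 1.0) attributes are tab-separated key=value.
HEADER = re.compile(r"LEEF:(1\.0|2\.0)\|")
DELIM = re.compile(r"(0?x[0-9A-Fa-f]{1,4}|[^|])\|")

# Constructed sample lines: vendor, product, event ID and attribute names are
# illustrative, not taken from SyslogLeefTemplate.txt.
GOOD = ("<13>Jan 10 12:00:00 si-host LEEF:1.0|ExampleVendor|ExampleProduct|"
        "3.3|ExampleAlert|cat=Active Directory\tusrName=EXAMPLE\\jdoe\tsev=5")
SPACES = GOOD.replace("\t", " ")  # a relay that rewrote tabs as spaces
CARET = "LEEF:2.0|ExampleVendor|ExampleProduct|3.3|ExampleAlert|^|cat=AD^sev=5"


def parse_leef(line):
    """Return (event, problems); event is None when the header is unusable."""
    m = HEADER.search(line)
    if not m:
        return None, ["no LEEF:1.0| or LEEF:2.0| header in line"]
    parts = line[m.start():].rstrip("\r\n").split("|", 5)
    if len(parts) < 6:
        return None, ["header truncated: fewer than 5 pipe-terminated fields"]
    _, vendor, product, prod_ver, event_id, rest = parts
    problems = [name + " is empty" for name, value in
                (("vendor", vendor), ("product", product), ("event ID", event_id))
                if not value]
    delim = "\t"
    d = DELIM.match(rest) if m.group(1) == "2.0" else None
    if d:  # delimiter given as a literal character or as hex (0x5E, x5E)
        spec, rest = d.group(1), rest[d.end():]
        delim = spec if len(spec) == 1 else chr(int(spec.lstrip("0").lstrip("x"), 16))
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
        else:
            problems.append("attribute not in key=value form: %r" % pair)
    # Heuristic: everything collapsing into one attribute that still contains
    # " key=" suggests the delimiter was lost between sender and collector.
    if len(attrs) == 1 and re.search(r"\s\w+=", next(iter(attrs.values()))):
        problems.append("attribute delimiter missing or rewritten in transit")
    return {"leef_version": m.group(1), "vendor": vendor, "product": product,
            "product_version": prod_ver, "event_id": event_id,
            "attrs": attrs}, problems
```

A non-empty `problems` list for a captured line points at the sender or an intermediate relay rather than at the JSA log source configuration.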