STEALTHbits StealthINTERCEPT Analytics
JSA collects analytics logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Analytics DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:
| Specification | Value |
|---|---|
| Manufacturer | STEALTHbits Technologies |
| DSM name | STEALTHbits StealthINTERCEPT Analytics |
| RPM file name | DSM-STEALTHbits StealthINTERCEPT Analytics-JSA_version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog LEEF |
| Recorded event types | Active Directory Analytics Events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |
Integrate STEALTHbits StealthINTERCEPT with JSA by completing the following steps:
1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA Console in the order that they are listed:
   - DSMCommon RPM
   - STEALTHbitsStealthINTERCEPT RPM
   - STEALTHbitsStealthINTERCEPTAnalytics RPM
2. Configure your STEALTHbits StealthINTERCEPT device to send syslog events to JSA.
3. If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the JSA Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:
Table 2: STEALTHbits StealthINTERCEPT Analytics Log Source Parameters

| Parameter | Value |
|---|---|
| Log Source type | STEALTHbits StealthINTERCEPT Analytics |
| Protocol Configuration | Syslog |
Collecting Analytics Logs from STEALTHbits StealthINTERCEPT
To collect all analytics logs from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.
1. Log in to your STEALTHbits StealthINTERCEPT server.
2. Start the Administration Console.
3. Click Configuration > Syslog Server.
4. Configure the following parameters:

   | Parameter | Description |
   |---|---|
   | Host Address | The IP address of the JSA console |
   | Port | 514 |

5. Click Import mapping file.
6. Select the SyslogLeefTemplate.txt file and press Enter.
7. Click Save.
8. On the Administration Console, click Actions.
9. Select the mapping file that you imported, and then select the Send to Syslog check box.

   Tip: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
10. Click Add.
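
If JSA does not discover the log source after this procedure, check whether the forwarded syslog lines are well-formed LEEF. The following added example is not part of the JSA or StealthINTERCEPT documentation; it parses captured lines against the public LEEF header layout. The sample lines, including the vendor, product, event ID and attribute values, are constructed placeholders.

```python
HEADER_KEYS = ("version", "vendor", "product", "product_version", "event_id")

def decode_delimiter(field):
    """LEEF 2.0 delimiter field: a single character, or hex with a 0x / x prefix."""
    if len(field) == 1:
        return field
    low = field.lower()
    for prefix in ("0x", "x"):
        if low.startswith(prefix):
            return chr(int(low[len(prefix):], 16))
    raise ValueError(f"bad LEEF 2.0 delimiter {field!r}")

def parse_leef(line):
    """Return (header, attributes) for one syslog line, or raise ValueError."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header; is the LEEF mapping file selected?")
    fields = line[start + len("LEEF:"):].rstrip("\r\n").split("|")
    if fields[0] not in ("1.0", "2.0"):
        raise ValueError(f"unsupported LEEF version {fields[0]!r}")
    n = 5 if fields[0] == "1.0" else 6      # header fields before the attributes
    if len(fields) <= n:
        raise ValueError("truncated LEEF header")
    delim = "\t" if n == 5 else decode_delimiter(fields[5])  # 1.0 is tab-separated
    attrs = {}
    for pair in filter(None, "|".join(fields[n:]).split(delim)):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[key] = value
    return dict(zip(HEADER_KEYS, fields[:5])), attrs

def triage(lines):
    out = []
    for line in lines:
        try:
            header, attrs = parse_leef(line)
            out.append(f"ok {header['event_id']} ({len(attrs)} attributes)")
        except ValueError as err:
            out.append(f"reject: {err}")
    return out

# Constructed sample lines; vendor, product, event ID and attributes are placeholders.
SAMPLES = [
    "<13>Jan 10 12:00:00 sihost LEEF:1.0|ExampleVendor|ExampleProduct|3.3|ExampleEvent|usrName=jdoe\tsrc=192.0.2.10",
    "<13>Jan 10 12:00:01 sihost LEEF:2.0|ExampleVendor|ExampleProduct|3.3|ExampleEvent|^|usrName=jdoe^src=192.0.2.10",
    "<13>Jan 10 12:00:02 sihost ExampleEvent user jdoe from 192.0.2.10",
    "<13>Jan 10 12:00:03 sihost LEEF:1.0|ExampleVendor|ExampleProduct",
]
```

Run `triage()` over lines captured on the receiving side of port 514. A "no LEEF header" result means the events are not being sent with the LEEF mapping applied.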