STEALTHbits StealthINTERCEPT
The JSA DSM for STEALTHbits StealthINTERCEPT can collect event logs from your STEALTHbits StealthINTERCEPT and File Activity Monitor services.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT DSM.
Specification | Value |
---|---|
Manufacturer | STEALTHbits Technologies |
DSM | STEALTHbits StealthINTERCEPT |
RPM file name | DSM-STEALTHbits StealthINTERCEPT-JSA_Version-build_number.noarch.rpm |
Supported versions | 3.3 |
Protocol | Syslog |
Event format | LEEF |
JSA recorded events | Active Directory Audit Events, File Activity Monitor Events |
Automatically discovered | Yes |
Includes identity | No |
More information | |
Syslog Log Source Parameters for STEALTHbits StealthINTERCEPT
If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT log source on the JSA Console by using the Syslog protocol.
When using the Syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Syslog events from STEALTHbits StealthINTERCEPT:
Parameter | Value |
---|---|
Log Source Type | STEALTHbits StealthINTERCEPT |
Protocol Configuration | Syslog |
Configuring Your STEALTHbits StealthINTERCEPT to Communicate with JSA
To collect all audit logs and system events from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.
- Log in to your STEALTHbits StealthINTERCEPT server.
- Start the Administration Console.
- Click Configuration > Syslog Server.
- Configure the following parameters:

  Table 3: Syslog Parameters

  Parameter | Description |
  ---|---|
  Host Address | The IP address of the JSA console |
  Port | 514 |
- Click Import mapping file.
- Select the SyslogLeefTemplate.txt file and press Enter.
- Click Save.
- On the Administration Console, click Actions.
- Select the mapping file that you imported, and then select the Send to Syslog check box. Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
- Click Add.
Configuring Your STEALTHbits File Activity Monitor to Communicate with JSA
To collect events from STEALTHbits File Activity Monitor, you must specify JSA as the Syslog server and configure the message format.
- Log in to the server that runs STEALTHbits File Activity Monitor.
- Select the Monitored Hosts tab.
- Select a monitored host and click Edit to open the host's properties window.
- Select the Syslog tab and configure the following parameters:

  Parameter | Description |
  ---|---|
  Bulk Syslog server in SERVER[:PORT] format | <JSA event collector IP address>:514; Example: 10.1.1.1:514; <jsahostname>:514 |
  Syslog message template file path | SyslogLeefTemplate.txt; the template is stored in the STEALTHbits File Activity Monitor Install Directory |
- Click OK.
Syslog Log Source Parameters for STEALTHbits File Activity Monitor
If JSA does not automatically detect the log source, add a STEALTHbits File Activity Monitor log source on the JSA Console by using the Syslog protocol.
When using the Syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Syslog events from STEALTHbits File Activity Monitor:
Parameter | Value |
---|---|
Log Source Type | STEALTHbits File Activity Monitor |
Protocol Configuration | Syslog |
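
To check on the receiving side that either product is sending LEEF-formatted syslog after the two configuration procedures above, the following added example (not part of the JSA or STEALTHbits documentation) parses a syslog line's LEEF header and attributes and reports what is missing. The sample lines, host name, event ID and attribute names are constructed; real values depend on the contents of SyslogLeefTemplate.txt.

```python
import re

PRI = re.compile(r"^<(\d{1,3})>")  # syslog priority prefix, e.g. <13>
# LEEF header: LEEF:<version>|<vendor>|<product>|<product version>|<event ID>|
HEADER = re.compile(r"LEEF:(1\.0|2\.0)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|")
# LEEF 2.0 optional delimiter field: a literal character or hex form (x5E, 0x5E)
DELIM = re.compile(r"(0?x[0-9A-Fa-f]{2}|[^\w\s=])\|")


def parse_leef(line):
    """Parse one syslog line; return a dict, or None if no LEEF header is found."""
    header = HEADER.search(line)
    if header is None:
        return None
    version, vendor, product, product_version, event_id = header.groups()
    body, delim = line[header.end():].rstrip("\r\n"), "\t"  # tab is the default
    if version == "2.0":
        spec = DELIM.match(body)
        if spec:
            token = spec.group(1)
            delim = token if len(token) == 1 else chr(int(token[-2:], 16))
            body = body[spec.end():]
    attrs = {}
    for pair in body.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    pri = PRI.match(line)
    return {"pri": int(pri.group(1)) if pri else None, "leef_version": version,
            "vendor": vendor, "product": product, "product_version": product_version,
            "event_id": event_id, "attrs": attrs}


def check(line):
    """Return the problems that would keep this line from parsing as a LEEF event."""
    event = parse_leef(line)
    if event is None:
        return ["no LEEF header found"]
    problems = []
    if not event["event_id"]:
        problems.append("empty event ID")
    if not event["attrs"]:
        problems.append("no key=value attributes after the header")
    return problems


# Constructed sample lines (not captured from a real StealthINTERCEPT server).
SAMPLES = [
    "<13>Jan 10 12:00:00 sihost LEEF:1.0|STEALTHbits|StealthINTERCEPT|3.3|"
    "ExampleEvent|usrName=alice\tsrc=10.1.1.20\tdevTime=Jan 10 2024 12:00:00",
    "<13>Jan 10 12:00:01 sihost StealthINTERCEPT: object modified by alice",
]
```

A line that returns "no LEEF header found" was not formatted by the LEEF template, which is the first thing to check when JSA does not automatically detect the log source.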