Exabeam Sample Event Message
Use this sample event message to verify a successful integration with JSA.
Note:
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Exabeam Sample Message When You Use the Syslog Protocol
The following sample event message shows a critical Exabeam event. A high risk user session is detected.
<85>Apr 06 22:03:02 exabeam.exabeam.test Exabeam: timestamp="2015-04-21T15:55:21.503+08:00" id="testUser-20140402150331" url="http://localhost:8484/#sessions/userx-20140402150331" score="105" start_time="2014-04-02T15:03:31+0800" end_time="1970-01-01T08:00:00+0800" status="open" user="userx" src_host="test-host01-userx" src_ip="192.0.150.7" accounts="testUser" labels="" assets="test-host01-userx" zones="test.zone.test" top_reasons="First logon to workstation for user,First logon to network zone,Abnormal logon to network zone for group" reasons_count="10" events_count="1" alerts_count="0"
JSA field name | Highlighted values in the event payload |
---|---|
Event ID | 105 is critical and is extracted from the score value. |
Source IP | 192.0.150.7 |
Username | userx |
Device Time | 2015-04-21T15:55:21.503+08:00 |
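
A pre-flight check for the sample message before it is replayed to JSA, as an added example that is not part of the JSA or Exabeam documentation: it removes the CR/LF characters the note mentions, parses the syslog header and the key="value" body, and returns the four fields from the table. The function name `parse_exabeam` and the validation steps are assumptions of this example and do not describe how the JSA DSM itself parses events.

```python
import ipaddress
import re
from datetime import datetime

# The page's sample message, abridged to a few fields. The CR/LF breaks and the
# padding around some values are constructed to mimic a copy-and-paste.
SAMPLE = (
    '<85>Apr 06 22:03:02 exabeam.exabeam.test Exabeam: '
    'timestamp=" 2015-04-21T15:55:21.503+08:00 " id="testUser-20140402150331" \r\n'
    'score =" 105 " status="open" user=" userx " src_ip=" 192.0.150.7 " \r\n'
    'labels="" top_reasons="First logon to workstation for user,'
    'First logon to network zone,Abnormal logon to network zone for group" '
    'reasons_count="10" events_count="1" alerts_count="0"'
)

# <PRI>, BSD-style timestamp, host, tag, then the key="value" body.
HEADER = re.compile(r'^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (\S+?): (.*)$')
# Tolerates spaces around "=" and inside the quotes; values may be empty.
PAIR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
REQUIRED = ('score', 'src_ip', 'user', 'timestamp')


def parse_exabeam(raw):
    """Return the four fields from the table above plus all parsed pairs."""
    line = raw.replace('\r', '').replace('\n', '')  # the step the note asks for
    match = HEADER.match(line)
    if match is None:
        raise ValueError('no "<PRI>timestamp host tag:" header found')
    pri, _stamp, host, tag, body = match.groups()
    fields = {key: value.strip() for key, value in PAIR.findall(body)}
    missing = [key for key in REQUIRED if key not in fields]
    if missing:
        raise ValueError('missing fields: ' + ', '.join(missing))
    ipaddress.ip_address(fields['src_ip'])       # ValueError on a malformed IP
    datetime.fromisoformat(fields['timestamp'])  # ValueError on a bad timestamp
    return {
        'facility': int(pri) // 8,  # PRI = facility * 8 + severity
        'severity': int(pri) % 8,
        'host': host,
        'tag': tag,
        'Event ID': fields['score'],
        'Source IP': fields['src_ip'],
        'Username': fields['user'],
        'Device Time': fields['timestamp'],
        'fields': fields,
    }


if __name__ == '__main__':
    for name, value in parse_exabeam(SAMPLE).items():
        print(name, '=', value)
```

A `ValueError` from this check means the pasted message was altered or truncated in the editor, so fix the text before sending it to JSA.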