Fidelis XPS Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Note:
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Fidelis XPS Sample Message when you use the Syslog Protocol
The following sample event message is generated when a packet contains excess data.
<13>Dec 23 11:52:05 fidelis.xps.test LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|Packet has excess data| act=alert cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a cs2Label=linkback cs5=0 cs5Label=compression dst=10.89.233.135 dstPort=60228 fname=<n/a> cs4=<n/a> cs4Label=from cs6=default cs6Label=group cs1=DNS Analyzer Policy cs1Label=policy proto=DNS dvc=10.89.213.11 dvchost=brtdc-dlps1.phillips66.net sev=4 src=10.64.55.4 srcPort=53 msg=Packet has excess data devTime=1450889524000 duser=<n/a> usrName=<n/a> target=<n/a>
| JSA field name | Highlighted values in the event payload |
|---|---|
| Event ID | Packet has excess data |
| Source IP | 10.64.55.4 |
| Source Port | 53 |
| Destination IP | 10.89.233.135 |
| Destination Port | 60228 |
| Username | <n/a> |
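The mapping in the table can be checked against the payload with a short parser. The Python below is an added example, not part of the original page or of any JSA or Fidelis tooling; it strips CR/LF as the note describes, reads the LEEF header, and extracts the attributes. The function names are hypothetical, and treating `usrName` as the key behind Username is an assumption.

```python
import re

# Sample payload from this page. The "\r\n" after "DNS Analyzer " is constructed,
# to mimic the wrapped copy that the note on this page warns about.
SAMPLE = (
    "<13>Dec 23 11:52:05 fidelis.xps.test LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|"
    "Packet has excess data| act=alert "
    "cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a cs2Label=linkback "
    "cs5=0 cs5Label=compression dst=10.89.233.135 dstPort=60228 fname=<n/a> cs4=<n/a> "
    "cs4Label=from cs6=default cs6Label=group cs1=DNS Analyzer \r\nPolicy cs1Label=policy "
    "proto=DNS dvc=10.89.213.11 dvchost=brtdc-dlps1.phillips66.net sev=4 src=10.64.55.4 "
    "srcPort=53 msg=Packet has excess data devTime=1450889524000 duser=<n/a> usrName=<n/a> target=<n/a>"
)

# LEEF header: LEEF:version|vendor|product|product version|event ID|
HEADER = re.compile(r"LEEF:(\d\.\d)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|")
# This sample separates attributes with spaces and some values contain spaces,
# so a value runs until the next " key=" token or the end of the line.
# Limitation: a value that itself contains " word=" would be split early.
ATTR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

# JSA field name -> LEEF attribute key. "usrName" for Username is an assumption;
# the sample carries <n/a> in both usrName and duser.
JSA_KEYS = {"Source IP": "src", "Source Port": "srcPort", "Destination IP": "dst",
            "Destination Port": "dstPort", "Username": "usrName"}


def parse_leef(raw):
    """Return the LEEF header fields and attribute dict from one syslog line."""
    line = raw.replace("\r", "").replace("\n", "")  # undo copy/paste line wraps
    m = HEADER.search(line)
    if m is None:
        raise ValueError("no LEEF header found")
    version, vendor, product, product_version, event_id = m.groups()
    return {"version": version, "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id,
            "attrs": dict(ATTR.findall(line[m.end():]))}


def jsa_fields(raw):
    """Build the JSA field view shown in the table from a raw payload."""
    event = parse_leef(raw)
    fields = {"Event ID": event["event_id"]}
    for name, key in JSA_KEYS.items():
        fields[name] = event["attrs"].get(key)
    return fields


if __name__ == "__main__":
    for name, value in jsa_fields(SAMPLE).items():
        print(f"{name}: {value}")
```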