CloudLock Cloud Security Fabric
The JSA DSM for CloudLock Cloud Security Fabric collects events from the CloudLock Cloud Security Fabric service.
The following table describes the specifications for the CloudLock Cloud Security Fabric DSM:
Specification | Value |
---|---|
Manufacturer | CloudLock |
DSM name | CloudLock Cloud Security Fabric |
RPM file name | DSM-CloudLockCloudSecurityFabric-JSA_version-build_number.noarch.rpm |
Supported versions | NA |
Protocol | Syslog |
Event format | Log Event Extended Format (LEEF) |
Recorded event types | Incidents |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Cloud Cybersecurity (https://www.cloudlock.com/products/) |
To integrate CloudLock Cloud Security Fabric with JSA, complete the following steps:
1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA console in the order that they are listed:
   - DSMCommon RPM
   - CloudLock Cloud Security Fabric DSM RPM
2. Configure your CloudLock Cloud Security Fabric service to send Syslog events to JSA.
3. If JSA does not automatically detect the log source, add a CloudLock Cloud Security Fabric log source on the JSA Console. The following table describes the parameters that require specific values for CloudLock Cloud Security Fabric event collection:
Table 2: CloudLock Cloud Security Fabric Log Source Parameters

Parameter | Value |
---|---|
Log Source type | CloudLock Cloud Security Fabric |
Protocol Configuration | Syslog |
The following table provides a sample event message for the CloudLock Cloud Security Fabric DSM:
Event name | Low level category |
---|---|
New Incident | Suspicious Activity |

Sample log message:

```
LEEF:1.0|Cloudlock|API|v2|Incidents|match_count=2 sev=1 entity_id=ebR4q6DxvA entity_origin_type=document group=None url=https://example.com/a/path/file/d/<File_path_ID>/view?usp=drivesdk CloudLockID=xxxxxxxxxx updated_at=2016-01-20T15:42:15.128356+0000 entity_owner_email=user@example.com cat=NEW entity_origin_id=<File_path_ID> entity_mime_type=text/plain devTime=2016-01-20T15:42:14.913178+0000 policy=Custom Regex resource=confidential.txt usrName=Admin Admin realm=domain policy_id=xxxxxxxxxx devTimeFormat=yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ
```
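The following parser is an added example, not part of the JSA or CloudLock documentation. It shows how the sample event breaks down into LEEF header and attributes, for checking a captured CloudLock syslog line before troubleshooting log source detection. The function names and the abridged sample string are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample: an abridged copy of the page's sample event. Attributes are
# space-separated as in the rendered table; on the wire LEEF 1.0 separates them with tabs.
SAMPLE = (
    "LEEF:1.0|Cloudlock|API|v2|Incidents|match_count=2 sev=1 "
    "entity_origin_type=document "
    "url=https://example.com/a/path/file/d/<File_path_ID>/view?usp=drivesdk "
    "entity_owner_email=user@example.com cat=NEW "
    "devTime=2016-01-20T15:42:14.913178+0000 policy=Custom Regex "
    "resource=confidential.txt usrName=Admin Admin realm=domain "
    "devTimeFormat=yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ"
)

HEADER_FIELDS = ("version", "vendor", "product", "product_version", "event_id")
# Only the devTimeFormat shown on the page is mapped (Java pattern -> strptime).
TIME_FORMATS = {"yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ": "%Y-%m-%dT%H:%M:%S.%f%z"}
KEY = re.compile(r"(?:^|\s)([A-Za-z_]\w*)=")


def parse_leef(line):
    """Return (header, attrs) for one LEEF 1.0 event."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF 1.0 event")
    header = dict(zip(HEADER_FIELDS, [parts[0][5:].strip()] + parts[1:5]))
    body = parts[5].strip()
    if "\t" in body:  # wire format: tab between attributes
        pairs = (kv.split("=", 1) for kv in body.split("\t") if "=" in kv)
        return header, {k.strip(): v.strip() for k, v in pairs}
    # Space-separated copy: a key starts only after whitespace, so values such as
    # "Custom Regex" keep their spaces and "?usp=" inside the URL is not a key.
    attrs, keys = {}, list(KEY.finditer(body))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        attrs[m.group(1)] = body[m.end():end].strip()
    return header, attrs


def dev_time(attrs):
    """Parse devTime using the event's own devTimeFormat."""
    fmt = TIME_FORMATS.get(attrs.get("devTimeFormat"))
    if fmt is None:
        raise ValueError("unsupported devTimeFormat")
    return datetime.strptime(attrs["devTime"], fmt)


if __name__ == "__main__":
    header, attrs = parse_leef(SAMPLE)
    print(header["event_id"], attrs["policy"], dev_time(attrs).isoformat())
```

Values such as `policy=Custom Regex` and `usrName=Admin Admin` contain spaces, so a naive split on whitespace would truncate them.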