CloudLock Cloud Security Fabric

The JSA DSM for CloudLock Cloud Security Fabric collects events from the CloudLock Cloud Security Fabric service.

The following table describes the specifications for the CloudLock Cloud Security Fabric DSM:

Table 1: CloudLock Cloud Security Fabric DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | CloudLock |
| DSM name | CloudLock Cloud Security Fabric |
| RPM file name | DSM-CloudLockCloudSecurityFabric-JSA_version-build_number.noarch.rpm |
| Supported versions | NA |
| Protocol | Syslog |
| Event format | Log Event Extended Format (LEEF) |
| Recorded event types | Incidents |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Cloud Cybersecurity (https://www.cloudlock.com/products/) |

To integrate CloudLock Cloud Security Fabric with JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs from Juniper Downloads and install them on your JSA console in the order that they are listed:

    • DSMCommon RPM

    • CloudLock Cloud Security Fabric DSM RPM

  2. Configure your CloudLock Cloud Security Fabric service to send Syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a CloudLock Cloud Security Fabric log source on the JSA Console. The following table describes the parameters that require specific values for CloudLock Cloud Security Fabric event collection:

    Table 2: CloudLock Cloud Security Fabric Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | CloudLock Cloud Security Fabric |
    | Protocol Configuration | Syslog |

The following table provides a sample event message for the CloudLock Cloud Security Fabric DSM:

Table 3: CloudLock Cloud Security Fabric Sample Message Supported by the CloudLock Cloud Security Fabric Service

| Event name | Low level category |
|---|---|
| New Incident | Suspicious Activity |

Sample log message:

LEEF: 1.0|Cloudlock|API|v2|Incidents|match_count=2 sev=1 entity_id=ebR4q6DxvA entity_origin_type=document group=None url=https://example.com/a/path/file/d/<File_path_ID/view?usp=drivesdk CloudLockID=xxxxxxxxxx updated_at=2016-01-20T15:42:15.128356+0000 entity_owner_email=user@example.com cat=NEW entity_origin_id=<File_path_ID> entity_mime_type=text/plain devTime=2016-01-20T15:42:14.913178+0000 policy=Custom Regex resource=confidential.txt usrName=Admin Admin realm=domain policy_id=xxxxxxxxxx devTimeFormat=yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ
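
The following Python sketch is an added example, not part of the DSM or of JSA. It parses the Table 3 sample (joined onto one line, with plain hyphens in the dates) into header fields and attributes, keeps values that contain spaces intact, and reads devTime using the devTimeFormat that the event declares. The function names and the token mapping are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample event from Table 3, joined onto one line. The page shows spaces between
# attributes; LEEF 1.0 on the wire separates them with tabs.
SAMPLE = (
    "LEEF: 1.0|Cloudlock|API|v2|Incidents|match_count=2 sev=1 "
    "entity_id=ebR4q6DxvA entity_origin_type=document group=None "
    "url=https://example.com/a/path/file/d/<File_path_ID/view?usp=drivesdk "
    "CloudLockID=xxxxxxxxxx updated_at=2016-01-20T15:42:15.128356+0000 "
    "entity_owner_email=user@example.com cat=NEW "
    "entity_origin_id=<File_path_ID> entity_mime_type=text/plain "
    "devTime=2016-01-20T15:42:14.913178+0000 policy=Custom Regex "
    "resource=confidential.txt usrName=Admin Admin realm=domain "
    "policy_id=xxxxxxxxxx devTimeFormat=yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ"
)

_KEY = re.compile(r"(?:^|\s)(\w+)=")  # a key starts the body or follows whitespace
# Only the pattern letters used by this page's devTimeFormat (assumed mapping).
_JAVA = {"yyyy": "%Y", "MM": "%m", "dd": "%d", "HH": "%H", "mm": "%M",
         "ss": "%S", "SSSSSS": "%f", "Z": "%z"}
_TOKEN = re.compile(r"'([^']*)'|" + "|".join(_JAVA))


def parse_leef(line):
    """Return (header, attrs) for one LEEF 1.0 event line."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6 or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF 1.0 event")
    header = dict(zip(("vendor", "product", "version", "event_id"), parts[1:5]))
    header["leef_version"] = parts[0].split(":", 1)[1].strip()
    body = parts[5]
    if "\t" in body:  # wire format: tab-delimited, values may hold spaces
        return header, dict(f.split("=", 1) for f in body.split("\t") if "=" in f)
    # Flattened copy: cut at each " key=" boundary so "Admin Admin" stays whole.
    # A value that itself contained " word=" would be mis-split here.
    keys = list(_KEY.finditer(body))
    ends = [k.start() for k in keys[1:]] + [len(body)]
    return header, {k.group(1): body[k.end():e].strip() for k, e in zip(keys, ends)}


def to_strptime(java_fmt):
    """Translate the devTimeFormat tokens used on this page to strptime codes."""
    return _TOKEN.sub(lambda m: m.group(1) if m.group(1) is not None
                      else _JAVA[m.group(0)], java_fmt)


def event_time(attrs):
    """Parse devTime with the format the event itself declares."""
    return datetime.strptime(attrs["devTime"], to_strptime(attrs["devTimeFormat"]))
```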