Enterprise-IT-Security.com SF-Sherlock
The JSA DSM for Enterprise-IT-Security.com SF-Sherlock collects logs from your Enterprise-IT-Security.com SF-Sherlock servers.
The following table describes the specifications for the Enterprise-IT-Security.com SF-Sherlock DSM:

Specification | Value |
---|---|
Manufacturer | Enterprise-IT-Security.com |
DSM name | Enterprise-IT-Security.com SF-Sherlock |
RPM file name | DSM-EnterpriseITSecuritySFSherlock-JSA_version-build_number.noarch.rpm |
Supported versions | v8.1 and later |
Event format | Log Event Extended Format (LEEF) |
Recorded event types | All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Enterprise-IT-Security website (http://www.enterprise-it-security.com) |

To integrate Enterprise-IT-Security.com SF-Sherlock with JSA, complete the following steps:

1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from Juniper Downloads onto your JSA console:
   - Enterprise-IT-Security.com SF-Sherlock DSM RPM
   - DSM Common RPM
2. Configure your Enterprise-IT-Security.com SF-Sherlock device to send syslog events to JSA.
3. If JSA does not automatically detect the log source, add an Enterprise-IT-Security.com SF-Sherlock log source on the JSA Console. The following table describes the parameters that require specific values for Enterprise-IT-Security.com SF-Sherlock event collection:

Table 2: Enterprise-IT-Security.com SF-Sherlock Log Source Parameters

Parameter | Value |
---|---|
Log Source type | Enterprise-IT-Security.com SF-Sherlock |
Protocol Configuration | Syslog |