Data exports give you the option to configure the events Verdasys
Digital Guardian forwards to JSA.
- Log in to the Digital Guardian Management Console.
- Select Workspace > Data Export > Create Export.
- From the Data Sources list, select Alerts or Events as the data source.
- From the Export type list, select JSA LEEF.
If your Verdasys Digital Guardian is v6.0.x, you can select Syslog as the Export Type. JSA LEEF
is the preferred export type format for all Verdasys Digital Guardian
appliances with v6.1.1 and later.
- From the Type list, select UDP or TCP as the transport protocol.
JSA can accept syslog events from either transport
protocol. If the length of your alert events typically exceeds 1024
bytes, then you can select TCP to prevent the events from
being truncated.
- In the Server field, type the IP address of
your JSA console or Event Collector.
- In the Port field, type 514.
- From the Severity Level list, select a severity
level.
- Select the Is Active check box.
- Click Next.
- From the list of available fields, add the following Alert
or Event fields for your data export:
  - Agent Local Time
  - Application
  - Computer Name
  - Detail File Size
  - IP Address
  - Local Port
  - Operation (required)
  - Policy
  - Remote Port
  - Rule
  - Severity
  - Source IP Address
  - User Name
  - Was Blocked
  - Was Classified
- Select a Criteria for the fields in your data export and
click Next.
By default, the Criterion is blank.
- Select a group for the criteria and click Next.
By default, the Group is blank.
- Click Test Query.
A Test Query ensures that the database runs properly.
- Click Next.
- Save the data export.
The configuration is complete.
The data export from Verdasys Digital Guardian occurs on a 5-minute
interval. You can adjust this timing with the job scheduler in Verdasys
Digital Guardian, if required.

Events that are exported to JSA by Verdasys Digital Guardian are displayed on the Log Activity tab.
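
To see why the procedure recommends TCP for alerts longer than 1024 bytes, the following added example (not from the Juniper or Verdasys documentation) parses LEEF 1.0 events and reports which attributes survive a cut at 1024 bytes. The vendor and product strings, the event ID, and the attribute keys such as `operation` and `policy` are constructed assumptions, not the keys Digital Guardian actually emits.

```python
UDP_LIMIT = 1024           # size above which the page says UDP events may be truncated
REQUIRED = ("operation",)  # assumed LEEF key for the required Operation field

def parse_leef(line):
    """Return (header, attrs) for one LEEF 1.0 event, with or without a syslog prefix."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found")
    parts = line[start:].split("|", 5)
    if len(parts) < 6:
        raise ValueError("incomplete LEEF header")
    names = ("leef_version", "vendor", "product", "version", "event_id")
    header = dict(zip(names, parts[:5]))
    header["leef_version"] = header["leef_version"].partition(":")[2]
    attrs = {}
    for pair in parts[5].split("\t"):  # LEEF 1.0 attributes are tab-separated
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
    return header, attrs

def udp_truncation_report(line):
    """Compare the full event with what survives a cut at UDP_LIMIT bytes."""
    raw = line.encode("utf-8")
    _, full = parse_leef(line)
    kept_text = raw[:UDP_LIMIT].decode("utf-8", errors="ignore")
    _, kept = parse_leef(kept_text)
    return {
        "bytes": len(raw),
        "over_limit": len(raw) > UDP_LIMIT,
        # attributes that are gone or whose value was cut short
        "lost_or_cut": sorted(k for k in full if kept.get(k) != full[k]),
        "missing_required": [k for k in REQUIRED if k not in kept],
    }

# Constructed sample events (not captured from a real appliance).
PREFIX = "<13>Jan 01 00:00:00 dg-host LEEF:1.0|Verdasys|Digital Guardian|6.1.1|FileCopy|"
SHORT = PREFIX + "\t".join(
    ["usrName=alice", "src=192.0.2.10", "operation=File Copy", "wasBlocked=false"])
LONG = PREFIX + "\t".join(
    ["usrName=alice", "policy=" + "P" * 1100, "operation=File Copy", "wasBlocked=true"])

if __name__ == "__main__":
    for name, event in (("short", SHORT), ("long", LONG)):
        print(name, udp_truncation_report(event))
```

In the long sample the required field sits after an oversized attribute, so the cut event still parses but no longer carries it.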