| Protocol | Information Discovered | Used For |
|---|---|---|
| syslog | Network Anomaly Detection Alerts | Security and Compliance |
FortiSIEM automatically recognizes Cisco Stealthwatch syslog as long as it follows the format shown in the sample syslog below:
<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch: Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|alarm_type_id=60|alarm_type_description=Host may be infected with an SMB
Parsing and Events
Over 150 event types are currently parsed. To see them, go to Resources > Event Types and search for 'Cisco-StealthWatch-'. Users can extend the parser to add other events.
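As an added example, not code from the FortiSIEM documentation or from Fortinet's parser, the following Python shows how a line in the format above is taken apart: the BSD-syslog header is separated from the pipe-delimited Stealthwatch body, the `<129>` priority is decoded into facility and severity, and the key=value fields are kept, including empty ones such as `target_hostname=`. The sample line is constructed from the format shown on the page (with the alarm description left truncated as on the page), and the recognition rule (vendor `Lancope` and product `StealthWatch` in the first two body fields) is an assumption for illustration, not FortiSIEM's documented logic.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed sample in the shape the page shows (the alarm description is
# kept truncated, as on the page); this is not a real capture.
SAMPLE = (
    "<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch: Lancope|StealthWatch|"
    "PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|"
    "alarm_type_id=60|alarm_type_description=Host may be infected with an SMB"
)

# BSD-syslog (RFC 3164) header followed by the "StealthWatch:" tag.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"StealthWatch: (?P<body>.*)$"
)

SYSLOG_SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_stealthwatch(line: str) -> Optional[dict]:
    """Return a structured record for a Stealthwatch alarm line, or None if
    the line is not in the expected format."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0-23 and severity 0-7 give PRI 0-191
        return None

    parts = m.group("body").split("|")
    # Hypothetical recognition rule (an assumption, not FortiSIEM's documented
    # logic): the body must begin with the vendor/product pair.
    if len(parts) < 3 or parts[0] != "Lancope" or parts[1] != "StealthWatch":
        return None
    vendor, product, priority_label = parts[0], parts[1], parts[2]

    fields = {}
    for item in parts[3:]:
        key, sep, value = item.partition("=")
        if not sep:
            continue  # ignore tokens without "="
        fields[key] = value  # keep empty values such as target_hostname=

    event_time = None
    raw_time = fields.get("time")
    if raw_time:
        try:
            event_time = datetime.strptime(
                raw_time, "%Y-%m-%dT%H:%M:%SZ"
            ).replace(tzinfo=timezone.utc)
        except ValueError:
            pass  # leave event_time as None if the timestamp is malformed

    return {
        "facility": pri // 8,
        "severity": SYSLOG_SEVERITY[pri % 8],
        "header_time": m.group("ts"),
        "host": m.group("host"),
        "vendor": vendor,
        "product": product,
        "priority_label": priority_label,
        "event_time": event_time,
        "fields": fields,
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(parse_stealthwatch(SAMPLE))
```

Two details matter when extending a parser for this format: the header timestamp has no year or zone, so the `time=` field inside the body is the one to trust for the event time, and empty fields (`target_hostname=`) must be kept rather than dropped so that rules can distinguish "no target" from "field missing".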