Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Cisco Stealthwatch

Integration Points

Protocol Information Discovered Used For
syslog Network Anomaly Detection Alerts Security and Compliance

Event Types

Currently over 150 events are parsed. See event types in RESOURCES > Event Types, and search for "Cisco-StealthWatch-" in the main content panel Search... field. The user can extend the parser to add other events.

Configuring FortiSIEM

FortiSIEM automatically recognizes Cisco Stealthwatch syslog as long as it follows the format as shown in the sample syslog:

<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch[2699]: Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|alarm_type_id=60|alarm_type_description=Host may be infected with an SMB

Cisco Stealthwatch

Integration Points

Protocol Information Discovered Used For
syslog Network Anomaly Detection Alerts Security and Compliance

Event Types

Currently over 150 events are parsed. See event types in RESOURCES > Event Types, and search for "Cisco-StealthWatch-" in the main content panel Search... field. The user can extend the parser to add other events.

Configuring FortiSIEM

FortiSIEM automatically recognizes Cisco Stealthwatch syslog as long as it follows the format as shown in the sample syslog:

<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch[2699]: Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|alarm_type_id=60|alarm_type_description=Host may be infected with an SMB