|Network Anomaly Detection Alerts
|Security and Compliance
Currently over 150 events are parsed. See event types in RESOURCES > Event Types, and search for "Cisco-StealthWatch-" in the main content panel Search... field. The user can extend the parser to add other events.
FortiSIEM automatically recognizes Cisco Stealthwatch syslog as long as it follows the format as shown in the sample syslog:
<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch: Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|alarm_type_id=60|alarm_type_description=Host may be infected with an SMB