AnsweredAssumed Answered

Parser Log

Question asked by Maykon Junior Pinto on Apr 1, 2019
Latest reply on Apr 2, 2019 by Maykon Junior Pinto

Like • Show 0 Likes0
Comment • 2

Hi, I need to diffuse this log into parsers for better treatment. Can someone help me?

Mar 31 03:14:29 proddf0123.xx.com lcp_sep_alert_event: INFO - PROXXF0123.xx.com CEF:0|Symantec|SEDR|4.0.0|4123|lcp_sep_alert_event|0|device_time=2019-03-31T03:10:29.176Z device_uid=d84178dd-xxxx-4d63-91db-005caba0f1a8 internalIP=10.10.10.10 internalHost=SERVIDOR filePath=D:\\documentos\\Agenda DABC fname=Agenda DABC.lnk sha2=f306adfb2fc206xxxx67eedfead36fd39d082efa5a4c70fa855a41b2a60bc2ff6 md5=21d1b2bab560f32641c138accf249d07 AVEVirusName=W32.Ippedo actual_action=Quarantined user_name=Convidado domain_name=DABCTO json={"actual_action":"Quarantined","actual_action_idx":1,"agent_infected":0,"agent_version":"14.0.3897.1101","alert":"Virus found","device_ip":"10.10.10.10","device_name":"SERVIDOR","device_time":"2019-03-31T03:10:29.176Z","device_uid":"a84178db-f1af-4v63-91gb-005caba0f1d8","disposition":1,"domain_name":"DABCTO","dynacat":0,"file":{"app_name":"MozillaFirefox.lnk","company_name":"null","confidence":119,"detection_type":"Heuristic","disposition":0,"folder":"D:\\documentos\\Agenda DABC","md5":"21d1b2bab560f326aaaac14e2f249d07","name":"Agenda DABC.lnk","sha2":"f306adfb2fc2aaaab267eedfead36fd39d082efa6f040fa855a41b2a60bc2ff6"},"hid_level":0,"host_name":"SERVIDOR","internal_ip":"10.10.10.10","local_host_mac":"ec-a8-6b-ef-6c-bb","no_of_viruses":1,"scan_type":"Real Time Scan","sep_mid":"e01eee04b1461c4f312aaaa26713d75f","threat":{"name":"W32.Ippedo"},"type_id":4123,"user_name":"Convidado","virus_def":"2019-03-27 rev. 006","virus_name":"W32.Ippedo","sep_installed":true}

Erica Chalfin

Apr 2, 2019 8:43 AM

Correct Answer

Maykon Junior Pinto,

I've moved your question to the RSA NetWitness Platform space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.

Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA NetWitness Platform and click Ask A Question. That way your question will appear in the correct space.

Regards,

Erica

See the reply in context

No one else had this question

Outcomes

2 Replies

Erica Chalfin Apr 2, 2019 8:43 AM
Unmark Correct
Correct Answer
Maykon Junior Pinto,

I've moved your question to the RSA NetWitness Platform space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.

Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA NetWitness Platform and click Ask A Question. That way your question will appear in the correct space.

Regards,
Erica
Like • Show 1 Like1
Actions
Maykon Junior Pinto Apr 2, 2019 4:34 PM
Mark Correct
Correct Answer
Can someone help me?
Like • Show 0 Likes0
Actions

Parser Log

Outcomes

Related Content

Recommended Content