
Appgate Software-defined Perimeter

About

Appgate SDP is built to protect private access across complex hybrid IT environments: on-premises, in data centers, in one or more clouds (multi-cloud), or any combination of these, all governed by a single unified policy engine.

Product Details

Vendor URL: Appgate

Product Type: Software defined perimeter

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: JSON

Expected Normalization Rate: 100%

Data Label: APPGATE_SDP

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field                          UDM Field
log.collective_id                       metadata.product_deployment_id
log.event_type                          metadata.product_event_type
log.id                                  metadata.product_log_id
"SDP" (constant)                        metadata.product_name
log.timestamp                           metadata.timestamp
"Appgate" (constant)                    metadata.vendor_name
log.direction                           network.direction
log.protocol                            network.ip_protocol
hostname                                observer.hostname
log.session_id                          principal.hostname
log.device_claims.os.type               principal.asset.category
log.device_claims.os.family             principal.asset.platform_software.platform
log.device_claims.os.version            principal.asset.platform_software.platform_patch_level
log.device_claims.os.name               principal.asset.platform_software.platform_version
daemon                                  principal.asset.software.name
log.device_claims.clientType            principal.asset.software.name
version                                 principal.asset.software.version
log.device_claims.clientVersion         principal.asset.software.version
"WORKSTATION" / "LAPTOP" (constants)    principal.asset.type
log.client_ip                           principal.ip
log.device_claims.clientIPs             principal.ip
log.geoip.city_name                     principal.location.city
log.geoip.country_name                  principal.location.country_or_region
log.geoip.latitude                      principal.location.region_latitude
log.geoip.longitude                     principal.location.region_longitude
log.geoip.region_name                   principal.location.state
log.device_claims.macAddresses          principal.mac
log.client_port                         principal.port
log.distinguished_name_ou               principal.user.group_identifiers
log.distinguished_name_user             principal.user.userid
log.action                              security_result.action_details
log.action_id                           security_result.rule_id
log.rule_name                           security_result.rule_name
log.drop-reason                         security_result.summary
log.source_ip                           src.ip
log.destination_ip                      target.ip
log.destination_port                    target.port

Several fields in the Sample Parsing below are derived rather than copied verbatim: principal.user.userid and principal.administrative_domain are split from log.distinguished_name_user at the "@"; observer.hostname and observer.domain.name are split from the top-level hostname at the first "."; security_result.action is log.action uppercased; principal.asset.ip, src.asset.ip and target.asset.ip duplicate the corresponding IP fields; and metadata.event_type is assigned from the Product Event Types table.

Product Event Types

Product Event Type (log.event_type)    UDM Event Classification (metadata.event_type)
Default (any other value)              GENERIC_EVENT
ip_access                              NETWORK_CONNECTION

Log Sample

{"version":2,"timestamp":"2023-01-09T15:34:35.987Z","hostname":"observername.companyname.com","daemon":"cz-vpnd","log":{"action":"allow","action_id":"Network Down#a6sd5f46s1","client_ip":"10.10.10.52","client_port":65195,"collective_id":"asj5asd4df8541","collective_name":"654e9981","connection_type":"established","destination_ip":"10.10.10.73","destination_port":65509,"direction":"down","distinguished_name":"CN=as6d5f40190840hjk,CN=Jane.Doe@companyname.com,OU=Okta - User","distinguished_name_device_id":"as6d5f40190840hjk","distinguished_name_ou":"Okta - User","distinguished_name_user":"Jane.Doe@companyname.com","entitlement_token_id":"gh56j40g65h4j0g654","event_type":"ip_access","geoip":{"city_name":"Sanford","continent_code":"NA","cordinates":[-75.1362,33.4502],"country_code2":"US","country_code3":"US","country_name":"United States","dma_code":560,"ip":"10.10.10.52","latitude":33.4502,"location":{"lat":33.4502,"lon":-75.1362},"longitude":-75.1362,"postal_code":"27332","region_code":"NC","region_name":"North Carolina","time_zone":"America/New_York"},"id":"as5df4sd98756sa","packet_size":52,"protocol":"TCP","rule_name":"Network Down","source_ip":"10.10.10.16","source_port":88,"timestamp":"2023-01-09T15:34:35.987Z","version":16}}

Sample Parsing

metadata.product_log_id = "as5df4sd98756sa"
metadata.event_type = "NETWORK_CONNECTION"
metadata.vendor_name = "Appgate"
metadata.product_name = "SDP"
metadata.product_event_type = "ip_access"
metadata.product_deployment_id = "asj5asd4df8541"
metadata.id = "f5gh4n065840f1"
principal.user.userid = "Jane.Doe"
principal.user.group_identifiers = "Okta - User"
principal.ip = "10.10.10.52"
principal.port = 65195
principal.administrative_domain = "companyname.com"
principal.location.city = "Sanford"
principal.location.state = "North Carolina"
principal.location.country_or_region = "United States"
principal.location.region_latitude = 33.4502
principal.location.region_longitude = -75.1362
principal.asset.ip = "10.10.10.52"
principal.asset.software.name = "cz-vpnd"
principal.asset.software.version = "2"
src.ip = "10.10.10.16"
src.asset.ip = "10.10.10.16"
target.ip = "10.10.10.73"
target.port = 65509
target.asset.ip = "10.10.10.73"
observer.hostname = "observername"
observer.domain.name = "companyname.com"
security_result.rule_name = "Network Down"
security_result.action = "ALLOW"
security_result.rule_id = "Network Down#a6sd5f46s1"
security_result.action_details = "allow"
network.ip_protocol = "TCP"
network.direction = "OUTBOUND"
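
The mapping table and the Sample Parsing above describe the normalization; the following added example reproduces it as plain Python so the two can be checked against each other. It is not Chronicle's parser code (Chronicle parsers are written in their own configuration syntax) and is not Appgate code. It uses the ip_access record from the Log Sample, re-typed inline as constructed input. Assumptions beyond what the page shows: a direction of "up" maps to INBOUND, log.action values "block" and "deny" map to BLOCK, and metadata.id is omitted because it is generated by the parser rather than taken from the record.

```python
import json
from typing import Any, Dict

# Constructed input: the ip_access record from this page's Log Sample,
# re-typed here so the example runs offline. Not a live capture.
SAMPLE_LOG = (
    '{"version":2,"timestamp":"2023-01-09T15:34:35.987Z",'
    '"hostname":"observername.companyname.com","daemon":"cz-vpnd",'
    '"log":{"action":"allow","action_id":"Network Down#a6sd5f46s1",'
    '"client_ip":"10.10.10.52","client_port":65195,"collective_id":"asj5asd4df8541",'
    '"destination_ip":"10.10.10.73","destination_port":65509,"direction":"down",'
    '"distinguished_name_ou":"Okta - User",'
    '"distinguished_name_user":"Jane.Doe@companyname.com","event_type":"ip_access",'
    '"geoip":{"city_name":"Sanford","country_name":"United States",'
    '"latitude":33.4502,"longitude":-75.1362,"region_name":"North Carolina"},'
    '"id":"as5df4sd98756sa","protocol":"TCP","rule_name":"Network Down",'
    '"source_ip":"10.10.10.16","timestamp":"2023-01-09T15:34:35.987Z"}}'
)

# From the page: ip_access -> NETWORK_CONNECTION, anything else -> GENERIC_EVENT.
EVENT_TYPES = {"ip_access": "NETWORK_CONNECTION"}
# "down" -> OUTBOUND is what the Sample Parsing shows; "up" -> INBOUND is an assumption.
DIRECTIONS = {"down": "OUTBOUND", "up": "INBOUND"}
# "allow" -> ALLOW is shown on the page; the block/deny rows are assumptions.
ACTIONS = {"allow": "ALLOW", "block": "BLOCK", "deny": "BLOCK"}

# Straight copies: (dotted path inside the record, UDM field), as in the mapping table.
DIRECT_MAP = [
    ("log.collective_id", "metadata.product_deployment_id"),
    ("log.event_type", "metadata.product_event_type"),
    ("log.id", "metadata.product_log_id"),
    ("log.timestamp", "metadata.timestamp"),
    ("log.protocol", "network.ip_protocol"),
    ("log.client_ip", "principal.ip"),
    ("log.client_ip", "principal.asset.ip"),
    ("log.client_port", "principal.port"),
    ("log.geoip.city_name", "principal.location.city"),
    ("log.geoip.country_name", "principal.location.country_or_region"),
    ("log.geoip.latitude", "principal.location.region_latitude"),
    ("log.geoip.longitude", "principal.location.region_longitude"),
    ("log.geoip.region_name", "principal.location.state"),
    ("log.distinguished_name_ou", "principal.user.group_identifiers"),
    ("log.action", "security_result.action_details"),
    ("log.action_id", "security_result.rule_id"),
    ("log.rule_name", "security_result.rule_name"),
    ("log.drop-reason", "security_result.summary"),
    ("log.source_ip", "src.ip"),
    ("log.source_ip", "src.asset.ip"),
    ("log.destination_ip", "target.ip"),
    ("log.destination_ip", "target.asset.ip"),
    ("log.destination_port", "target.port"),
    ("daemon", "principal.asset.software.name"),
]


def _get(rec: Dict[str, Any], path: str) -> Any:
    """Walk a dotted path through nested dicts; None if any segment is missing."""
    cur: Any = rec
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def normalize(raw: str) -> Dict[str, Any]:
    """Normalize one Appgate SDP JSON record into flat UDM field names."""
    rec = json.loads(raw)
    udm: Dict[str, Any] = {
        "metadata.vendor_name": "Appgate",
        "metadata.product_name": "SDP",
        "metadata.event_type": EVENT_TYPES.get(_get(rec, "log.event_type"), "GENERIC_EVENT"),
    }
    for src, dst in DIRECT_MAP:
        val = _get(rec, src)
        if val not in (None, ""):
            udm[dst] = val
    # Top-level "version" is an integer in the record; UDM software.version is a string.
    if rec.get("version") is not None:
        udm["principal.asset.software.version"] = str(rec["version"])
    # user@domain -> principal.user.userid + principal.administrative_domain.
    user = _get(rec, "log.distinguished_name_user")
    if isinstance(user, str):
        name, sep, domain = user.partition("@")
        udm["principal.user.userid"] = name
        if sep:
            udm["principal.administrative_domain"] = domain
    # Gateway FQDN -> observer.hostname + observer.domain.name.
    host = rec.get("hostname")
    if isinstance(host, str):
        short, sep, domain = host.partition(".")
        udm["observer.hostname"] = short
        if sep:
            udm["observer.domain.name"] = domain
    direction = DIRECTIONS.get(_get(rec, "log.direction"))
    if direction:
        udm["network.direction"] = direction
    action = ACTIONS.get(str(_get(rec, "log.action") or "").lower())
    if action:
        udm["security_result.action"] = action
    return udm


if __name__ == "__main__":
    for key, value in sorted(normalize(SAMPLE_LOG).items()):
        print(f"{key} = {value!r}")
```

Fields absent from a record are simply skipped rather than emitted as empty strings, which is what keeps the expected normalization rate at 100% when a record carries no geoip or device_claims block; the same lookup-and-skip approach is how the device_claims.* rows of the table would be handled for records that include them.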

Parser Alerting

No parser based alerting