Connectwise Control
About
Remote access and support software. Anywhere. Anytime. Any Device.
Product Details
Vendor URL: Connectwise Control
Product Type: Remote Access
Product Tier: Tier I
Integration Method: Syslog
Parser Details
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: CONNECTWISE_CONTROL
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
Connectwise | metadata.vendor_name |
Control | metadata.product_name |
type | metadata.product_event_type |
filter | metadata.description |
isPublic | additional.fields["isPublic"] |
guest | additional.fields["guest"] |
name | target.hostname |
name | target.asset.hostname |
sessionid | network.session_id |
Product Event Types
Event | UDM Event Classification |
---|---|
all others | GENERIC_EVENT |
Log Sample
<134>1 2022-12-14T12:55:01.7174777-06:00 ConnectwiseCont ScreenConnect - - [sessionid=aaabbca-ab31-4a9f-8091-bd704827df85 name=hostname1 host=<none> guest=<none> isPublic=False type=Access] A session was disconnected from
Sample Parsing
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Connectwise"
metadata.product_name = "Control"
metadata.product_event_type = "Access"
metadata.description = "A session was disconnected from"
additional.fields["isPublic"] = "False"
additional.fields["guest"] = "<none>"
target.hostname = "hostname1"
target.asset.hostname = "hostname1"
network.session_id = "aaabbca-ab31-4a9f-8091-bd704827df85"
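The mapping above can be reproduced outside the platform to check that a forwarded line normalizes as expected. The following is an added example, not the vendor's or the platform's parser code: `to_udm` is a hypothetical helper, the description is taken from the trailing message text as in Sample Parsing, and the rule that a value runs until the next ` key=` is an assumption.

```python
import re

# The page's log sample, copied verbatim.
SAMPLE = ("<134>1 2022-12-14T12:55:01.7174777-06:00 ConnectwiseCont ScreenConnect - - "
          "[sessionid=aaabbca-ab31-4a9f-8091-bd704827df85 name=hostname1 host=<none> "
          "guest=<none> isPublic=False type=Access] A session was disconnected from")

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID [key=value ...] MESSAGE
LINE_RE = re.compile(
    r"^<\d{1,3}>\d+ \S+ \S+ \S+ \S+ \S+ \[(?P<sd>[^\]]*)\]\s*(?P<msg>.*)$")
# Assumption: a value runs until the next " key=" or the closing bracket,
# so a session name containing spaces is kept whole.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def to_udm(line):
    """Hypothetical helper: map one log line to a flat dict of UDM paths."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not this format: count it as unparsed, do not guess
    sd = dict(KV_RE.findall(m.group("sd")))
    udm = {
        "metadata.event_type": "GENERIC_EVENT",  # every event type maps here
        "metadata.vendor_name": "Connectwise",
        "metadata.product_name": "Control",
        "metadata.description": m.group("msg"),
    }
    if "type" in sd:
        udm["metadata.product_event_type"] = sd["type"]
    for key in ("isPublic", "guest"):
        if key in sd:
            udm[f'additional.fields["{key}"]'] = sd[key]
    if sd.get("name"):
        udm["target.hostname"] = sd["name"]
        udm["target.asset.hostname"] = sd["name"]
    if sd.get("sessionid"):
        udm["network.session_id"] = sd["sessionid"]
    return udm


if __name__ == "__main__":
    for path, value in to_udm(SAMPLE).items():
        print(f'{path} = "{value}"')
```

Lines that return `None` are the ones that would lower the 100% normalization rate, so they are worth counting when validating a new syslog forwarder.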
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon