CTERA Drive¶
About¶
CTERA Drive gives corporate users the power to access, share and back up files using a modern collaboration interface. Desktop and mobile apps enable secure file sync and endpoint backup from any device, anywhere.
Product Details¶
Vendor URL: CTERA Drive
Product Type: Cloud Storage
Product Tier: Tier III
Integration Method: Custom
Integration URL: CTERA Drive - Cyderes Documentation
Log Guide: n/a
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 90%
Data Label: CTERA_DRIVE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
description | metadata.description |
timestamp | metadata.event_timestamp |
FILE_UNCATEGORIZED | metadata.event_type |
id | metadata.id |
product_event | metadata.product_event_type |
id | metadata.product_log_id |
"CTERA Drive" | metadata.product_name |
"CTERA" | metadata.vendor_name |
observer | observer.hostname |
domain | principal.administrative_domain |
dsthost | principal.asset.hostname |
srcaddress | principal.asset.ip |
srchost | principal.hostname |
srcaddress | principal.ip |
srcuser | principal.user.userid |
sid | principal.user.windows_sid |
state | security_result.action_details |
type | security_result.description |
filename | target.file.full_path |
processname | target.process.file.full_path |
resourcename | target.resource.name |

Note that the Log File Field names in this table are the parser's intermediate field names and do not all match the JSON keys in the Log Sample below. The Sample Parsing section shows the actual source: for example, metadata.description is populated from ctera_subcat, metadata.product_event_type from ctera_cat, observer.hostname from host, target.process.file.full_path from rootPath, and principal.administrative_domain / principal.user.userid are split from the DOMAIN\user value in principal.user.userid.
Product Event Types¶
Event | UDM Event Type |
---|---|
all | FILE_UNCATEGORIZED |
Log Sample¶
<13>1 date hostname1 ctera - - - {"timestamp":"time","@version":"1","principal.ip":"10.10.10.30","ctera_subcat":"fs","@timestamp":"date","status":"0x00000000","principal.user.windows_sid":"windowssid","target.file.full_path":"filename","hostname":"hostname1","event_type":"ok","type":"ctera","rootPath":"processname","host":"hostname2","syslog_path":"logid","security_result.description":"descriptiontype","local_time":"timestamp2","ctera_msg":"user=domain\\johndoe|sid=windowssid|op=descriptiontype|timestamp=time|local_time=timestamp2|rootPath=processname|share=cloud|path=filename|userpath=0020|remote hostname=10.10.10.30","target.resource.name":"cloud","ctera_cat":"ctera_audit","userpath":"0020","principal.user.userid":"domain\\johndoe"}
Sample Parsing¶
metadata.description = "fs"
metadata.event_timestamp.nanos = 0
metadata.event_timestamp.seconds = time
metadata.event_type = "FILE_UNCATEGORIZED"
metadata.id = "id"
metadata.ingested_timestamp.seconds = 1667385580
metadata.product_event_type = "ctera_audit"
metadata.product_log_id = "logid"
metadata.product_name = "CTERA Drive"
metadata.vendor_name = "CTERA"
observer.hostname = "hostname2"
principal.administrative_domain = "domain"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.10.10.30"
principal.hostname = "hostname1"
principal.ip = "10.10.10.30"
principal.user.userid = "johndoe"
principal.user.windows_sid = "windowssid"
security_result.action_details = "ok"
security_result.description = "descriptiontype"
target.file.full_path = "filename"
target.process.file.full_path = "processname"
target.resource.name = "cloud"
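The following Python script is an added worked example, not the Cyderes parser or CTERA code. It takes the Log Sample above, strips the RFC 5424 syslog header, loads the JSON payload, splits the pipe-delimited ctera_msg string, and emits the UDM fields listed under Sample Parsing. The source-key choices (ctera_subcat for metadata.description, ctera_cat for metadata.product_event_type, host for observer.hostname, hostname for principal.asset.hostname, rootPath for target.process.file.full_path, syslog_path for metadata.product_log_id, event_type for security_result.action_details) are inferred from the Sample Parsing values and are assumptions; metadata.id has no visible source key in the sample and is omitted. The sample line is copied from the page with its placeholder values.

```python
"""Reference parser for the CTERA Drive syslog/JSON event shown on this page.

Added example (not the Cyderes or CTERA parser). Source-key to UDM mapping is
inferred from the Sample Parsing section and is an assumption.
"""
from __future__ import annotations

import json
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# The sample uses "-" (nil) for PROCID, MSGID and STRUCTURED-DATA.
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<app>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+(?P<sd>\S+)\s+(?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample: the Log Sample from this page, placeholder values included.
SAMPLE_LINE = (
    r'<13>1 date hostname1 ctera - - - {"timestamp":"time","@version":"1",'
    r'"principal.ip":"10.10.10.30","ctera_subcat":"fs","@timestamp":"date",'
    r'"status":"0x00000000","principal.user.windows_sid":"windowssid",'
    r'"target.file.full_path":"filename","hostname":"hostname1","event_type":"ok",'
    r'"type":"ctera","rootPath":"processname","host":"hostname2","syslog_path":"logid",'
    r'"security_result.description":"descriptiontype","local_time":"timestamp2",'
    r'"ctera_msg":"user=domain\\johndoe|sid=windowssid|op=descriptiontype|timestamp=time'
    r'|local_time=timestamp2|rootPath=processname|share=cloud|path=filename|userpath=0020'
    r'|remote hostname=10.10.10.30","target.resource.name":"cloud","ctera_cat":"ctera_audit",'
    r'"userpath":"0020","principal.user.userid":"domain\\johndoe"}'
)


def split_syslog(line: str) -> tuple[dict, str]:
    """Return (header fields, MSG part) or raise ValueError for a non-5424 line."""
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    return m.groupdict(), m.group("msg")


def parse_ctera_msg(msg: str) -> dict[str, str]:
    """Split 'key=value|key=value' into a dict.

    Values are split on the first '=' only (so 'x=y' survives in a value) and
    keys may contain spaces, e.g. 'remote hostname'. Parts without '=' are dropped.
    """
    out: dict[str, str] = {}
    for part in msg.split("|"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        out[key.strip()] = value.strip()
    return out


def split_domain_user(userid: str) -> tuple[str | None, str]:
    """Split 'DOMAIN\\user' into (domain, user); a bare user yields (None, user)."""
    domain, sep, user = userid.rpartition("\\")
    return (domain, user) if sep else (None, userid)


def to_udm(line: str) -> dict[str, str]:
    """Normalize one CTERA Drive line into the flat UDM field set shown on this page."""
    _hdr, payload = split_syslog(line)
    ev = json.loads(payload)  # raises ValueError (JSONDecodeError) on a bad payload
    kv = parse_ctera_msg(ev.get("ctera_msg", ""))
    # Prefer the top-level userid; fall back to the 'user' pair inside ctera_msg.
    domain, user = split_domain_user(ev.get("principal.user.userid") or kv.get("user", ""))
    # Same fallback for the source address, which ctera_msg carries as 'remote hostname'.
    src_ip = ev.get("principal.ip") or kv.get("remote hostname")
    udm = {
        "metadata.description": ev.get("ctera_subcat"),          # assumed source key
        "metadata.event_timestamp": ev.get("timestamp"),
        "metadata.event_type": "FILE_UNCATEGORIZED",              # constant for all events
        "metadata.product_event_type": ev.get("ctera_cat"),       # assumed source key
        "metadata.product_log_id": ev.get("syslog_path"),         # assumed source key
        "metadata.product_name": "CTERA Drive",
        "metadata.vendor_name": "CTERA",
        "observer.hostname": ev.get("host"),                      # assumed source key
        "principal.administrative_domain": domain,
        "principal.asset.hostname": ev.get("hostname"),
        "principal.asset.ip": src_ip,
        "principal.hostname": ev.get("hostname"),
        "principal.ip": src_ip,
        "principal.user.userid": user,
        "principal.user.windows_sid": ev.get("principal.user.windows_sid"),
        "security_result.action_details": ev.get("event_type"),   # assumed source key
        "security_result.description": ev.get("security_result.description") or kv.get("op"),
        "target.file.full_path": ev.get("target.file.full_path") or kv.get("path"),
        "target.process.file.full_path": ev.get("rootPath"),      # assumed source key
        "target.resource.name": ev.get("target.resource.name") or kv.get("share"),
    }
    # Drop unset fields so the output matches the populated-only Sample Parsing view.
    return {k: v for k, v in udm.items() if v not in (None, "")}


if __name__ == "__main__":
    for k, v in to_udm(SAMPLE_LINE).items():
        print(f"{k} = {v!r}")
```

A useful sanity check when onboarding a new CTERA source is to compare the top-level JSON keys against the ctera_msg pairs (user, sid, op, rootPath, share, path, remote hostname); when the two disagree the forwarder configuration has changed and the normalization rate will drop.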
Parser Alerting¶
This product currently does not have any Parser-based Alerting.
Rules¶
Coming soon