Cyolo ZTNA
About
Cyolo securely connects onsite and remote users to applications, servers, desktops and files. It removes the need to connect to users' networks, NACs, etc. Deploy in Minutes. Resilient. Agile. Boundless. Services: Controlled Access, Compliance Ready, Secure Remote Access.
Product Details
Vendor URL: Securely connect to any environment with Zero Trust | Cyolo
Product Type: VPN
Product Tier: Tier III
Integration Method: Syslog
Integration URL: Zero Trust - Cyolo
Log Guide: Zero Trust - Cyolo
Parser Details
Log Format: Syslog
Expected Normalization Rate: 90%
Data Label: CYOLO_ZTNA
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| ALLOW,BLOCK,FAIL | security_result.action |
| authnmethodsreferences | additional.fields |
| component/policy | metadata.product_event_type |
| connect | security_result.description |
| displayname | principal.user.user_display_name |
| emailaddress | principal.user.email_addresses |
| givenname | principal.user.first_name |
| identityprovider | additional.fields |
| mapping | target.application |
| objectidentifier | additional.fields |
| observer | observer.hostname |
| policy | security_result.rule_name |
| reason | network.ip_protocol |
| reason | target.hostname |
| reason | target.ip |
| reason | target.port |
| reason | metadata.description |
| remoteAddr | principal.hostname |
| remoteAddr | principal.ip |
| remoteAddr | principal.port |
| Statically Defined | metadata.vendor_name |
| Statically Defined | metadata.product_name |
| Statically Defined | metadata.event_type |
| summary | security_result.summary |
| surname | principal.user.last_name |
| tenantid | additional.fields |
| user/name | principal.user.userid |
| user_groups | principal.user.group_identifiers |
Product Event Types
| type,subtype | severity | UDM Event Classification | alerting enabled |
|---|---|---|---|
| Default | | GENERIC_EVENT | |
| logged in | | USER_LOGIN | |
| Health Check | | STATUS_UPDATE | |
| UPSTREAM_NOT_FOUND | | STATUS_UPDATE | |
| saml response attributes | | STATUS_UPDATE | |
Log Sample
<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] component: Health Check, failed to sample mapping: computername, reason: dial tcp 10.10.10.100:3389: i/o timeout
Sample Parsing
metadata.event_timestamp = "2022-08-11T19:35:35Z"
metadata.event_type = "STATUS_UPDATE"
metadata.vendor_name = "Cyolo"
metadata.product_name = "ZTNA"
metadata.product_event_type = "Health Check"
metadata.description = "dial tcp 10.10.10.100:3389: i/o timeout"
principal.hostname = "computername"
principal.asset.hostname = "computername"
target.ip = "10.10.10.100"
target.port = 3389
target.asset.ip = "10.10.10.100"
observer.hostname = "ZTNA_device"
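As an added illustration (not Cyolo's code and not the SIEM's production parser), the Python below reproduces the Sample Parsing above for the sample line: it splits the syslog envelope, reads the `key: value` pairs of the message body, applies the Product Event Types table, and pulls target.ip/target.port out of the reason. It assumes that a message key is the last word before `: ` (so `failed to sample mapping` yields `mapping`) and that the protocol token after `dial` feeds network.ip_protocol; the mapping name is placed on principal.hostname, following the Sample Parsing section rather than the target.application row of the field table.

```python
import re

VENDOR, PRODUCT = "Cyolo", "ZTNA"  # statically defined on this page
EVENT_TYPES = {"logged in": "USER_LOGIN", "Health Check": "STATUS_UPDATE",
               "UPSTREAM_NOT_FOUND": "STATUS_UPDATE", "saml response attributes": "STATUS_UPDATE"}
# Syslog envelope: <PRI>timestamp host [app][pid]: message
ENVELOPE = re.compile(r"^<\d+>(?P<ts>\S+) (?P<host>\S+) \[[^\]]+\]\[\d+\]: (?P<msg>.*)$")
# "dial tcp 10.10.10.100:3389: ..." inside the reason value (assumed shape)
DIAL = re.compile(r"\bdial (?P<proto>\w+) (?P<ip>[\d.]+):(?P<port>\d+)")
# Constructed input: the sample line shown on this page
SAMPLE = ("<28>2022-08-11T19:35:35Z ZTNA_device [idac][1]: 2022/08/11 19:35:35 I [idac] "
          "component: Health Check, failed to sample mapping: computername, "
          "reason: dial tcp 10.10.10.100:3389: i/o timeout")

def message_fields(msg: str) -> dict:
    """Split 'k: v, k: v' segments; the key is the last word before ': ' (assumption)."""
    body = msg.split("] ", 1)[-1]  # drop the inner "date time I [idac] " prefix
    fields = {}
    for seg in body.split(", "):  # a value containing ", " would need a stricter split
        if ": " in seg:
            key, value = seg.split(": ", 1)
            fields[key.split()[-1]] = value.strip()
    return fields

def to_udm(line: str) -> dict:
    """Normalize one Cyolo syslog line into flat UDM field names."""
    m = ENVELOPE.match(line)
    if not m:  # unparsed lines keep the page's default classification
        return {"metadata.event_type": "GENERIC_EVENT", "metadata.description": line}
    f = message_fields(m["msg"])
    component = f.get("component", "")
    udm = {"metadata.event_timestamp": m["ts"],
           "metadata.event_type": EVENT_TYPES.get(component, "GENERIC_EVENT"),
           "metadata.vendor_name": VENDOR, "metadata.product_name": PRODUCT,
           "metadata.product_event_type": component, "observer.hostname": m["host"]}
    if "mapping" in f:  # the Sample Parsing above puts the mapping name on principal
        udm["principal.hostname"] = udm["principal.asset.hostname"] = f["mapping"]
    if "reason" in f:
        udm["metadata.description"] = f["reason"]
        d = DIAL.search(f["reason"])
        if d:
            udm["network.ip_protocol"] = d["proto"].upper()
            udm["target.ip"] = udm["target.asset.ip"] = d["ip"]
            udm["target.port"] = int(d["port"])
    return udm
```

Running `to_udm(SAMPLE)` yields the field values listed under Sample Parsing; a line that does not match the envelope falls through to GENERIC_EVENT, which is what the Default row of the event table specifies.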
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon