Delinea Privilege Manager
About
Privilege Manager is an endpoint least-privilege and application-control solution for Windows and macOS, capable of supporting enterprises and fast-growing organizations at scale. It mitigates malware and modern security threats that exploit applications by removing local administrative rights from endpoints.
Product Details
Vendor URL: Delinea
Product Type: Endpoint
Product Tier: Tier III
Integration Method: Syslog
Parser Details
Log Format: Syslog/KV
Expected Normalization Rate: 100%
Data Label: DELINEA_PRIVILEGE_MANAGER
UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
|---|---|
| _ComputerId | observer.asset.product_object_id |
| _FileId | target.resource.product_object_id |
| externalId | additional.fields |
| FileName | target.file.names |
| FilePath | target.file.full_path |
| log_id | metadata.product_log_id |
| observer_host | observer.hostname |
| PolicyName | security_result.rule_name |
| PolicyName | security_result.summary |
| product | metadata.product_name |
| product_event | metadata.product_event_type |
| severity | security_result.severity_details |
| UserName | principal.user.userid |
| vendor | metadata.vendor_name |
| version | metadata.product_version |
Product Event Types

| Event | UDM Event Classification |
|---|---|
| All | GENERIC_EVENT |

Log Sample
<5>1 2024-11-29T14:59:58.709632+00:00 ABCDE-ABC123 ABCDE-ABC123 - eeb7aaf6f6754586a7e33eb54b59ba4d - CEF:0|Thycotic|Application_Control_Solution|8|eeb7aaf6f6754586a7e33eb54b59ba4d|pdx_password_disclosure|5|externalId=2733778488 PolicyName=example_-_Application_Whitelisting_Monitoring UserName=NT_Authority_System_Account FileName=New_Loaded_Resource_11/29/2024_2:04:55_PM_+00:00 FilePath=C:\\Windows\\SoftwareDistribution\\Download\\Install\\AM_Delta_Patch_1.421.531.0.exe EventReceivedByServer=12/4/2024_11:11:10_PM _FileId=246bb269-78d2-53c8-a524-b1f48aa9c3dc _ComputerId=4c4c4544-0058-4810-8056-c4c04f343333 ComputerName=ABCDE-ABC123
Sample Parsing
additional.fields["externalId"] = "2733778488"
metadata.event_type = "GENERIC_EVENT"
metadata.log_type = "DELINEA_PRIVILEGE_MANAGER"
metadata.product_event_type = "pdx_password_disclosure"
metadata.product_log_id = "eeb7aaf6f6754586a7e33eb54b59ba4d"
metadata.product_name = "Application_Control_Solution"
metadata.product_version = "8"
metadata.vendor_name = "Thycotic"
observer.asset.product_object_id = "4c4c4544-0058-4810-8056-c4c04f343333"
observer.hostname = "ABCDE-ABC123"
principal.user.userid = "NT_Authority_System_Account"
security_result.rule_name = "example_-_Application_Whitelisting_Monitoring"
security_result.severity = "LOW"
security_result.severity_details = "5"
security_result.summary = "example_-_Application_Whitelisting_Monitoring"
target.file.full_path = "C:\\\\Windows\\\\SoftwareDistribution\\\\Download\\\\Install\\\\AM_Delta_Patch_1.421.531.0.exe"
target.file.names = "New_Loaded_Resource_11/29/2024_2:04:55_PM_+00:00"
target.resource.product_object_id = "246bb269-78d2-53c8-a524-b1f48aa9c3dc"
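The mapping above can be reproduced end to end: the RFC 5424 header supplies the observer hostname, the seven pipe-delimited CEF header fields supply the metadata and severity values, and the key=value extension supplies the rest. The parser below is an added illustration of that mapping and is not the vendor's or the SIEM's own parser code; the sample line is a constructed copy of the page's log sample, and the severity bucketing beyond the single 5 → LOW data point the page shows is an assumption.

```python
import re
# Constructed copy of the page's log sample; the raw string keeps the CEF-escaped backslashes verbatim.
SAMPLE = (
    r"<5>1 2024-11-29T14:59:58.709632+00:00 ABCDE-ABC123 ABCDE-ABC123 - eeb7aaf6f6754586a7e33eb54b59ba4d - "
    r"CEF:0|Thycotic|Application_Control_Solution|8|eeb7aaf6f6754586a7e33eb54b59ba4d|pdx_password_disclosure|5|"
    r"externalId=2733778488 PolicyName=example_-_Application_Whitelisting_Monitoring UserName=NT_Authority_System_Account "
    r"FileName=New_Loaded_Resource_11/29/2024_2:04:55_PM_+00:00 "
    r"FilePath=C:\\Windows\\SoftwareDistribution\\Download\\Install\\AM_Delta_Patch_1.421.531.0.exe "
    r"EventReceivedByServer=12/4/2024_11:11:10_PM _FileId=246bb269-78d2-53c8-a524-b1f48aa9c3dc "
    r"_ComputerId=4c4c4544-0058-4810-8056-c4c04f343333 ComputerName=ABCDE-ABC123"
)
# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG (no '[...]' SD expected here)
SYSLOG_RE = re.compile(r"^<(\d+)>1 (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# CEF extension key=value pairs; a value runs until the next " key=" token, so '/', ':' and '+' in values are safe.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)", re.S)
EXT_TO_UDM = {  # extension key -> UDM field, from the page's mapping table
    "externalId": 'additional.fields["externalId"]', "PolicyName": "security_result.rule_name",
    "UserName": "principal.user.userid", "FileName": "target.file.names", "FilePath": "target.file.full_path",
    "_FileId": "target.resource.product_object_id", "_ComputerId": "observer.asset.product_object_id",
}

def severity_label(cef_severity):
    """Assumed bucketing: the page only shows that CEF severity 5 normalises to LOW."""
    n = int(cef_severity)
    return "LOW" if n <= 5 else "MEDIUM" if n <= 7 else "HIGH"

def parse_to_udm(line):
    """Map one Privilege Manager syslog/CEF line onto the UDM fields listed in the page's tables."""
    m = SYSLOG_RE.match(line)
    if not m or not m.group(8).startswith("CEF:"):
        raise ValueError("not a CEF-over-syslog line")
    observer_host, msg = m.group(3), m.group(8)
    fields = msg.split("|", 7)          # 7 CEF header fields, then the extension
    if len(fields) != 8:
        raise ValueError("malformed CEF header")
    _, vendor, product, version, log_id, product_event, severity, ext = fields
    udm = {
        "metadata.log_type": "DELINEA_PRIVILEGE_MANAGER", "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": vendor, "metadata.product_name": product, "metadata.product_version": version,
        "metadata.product_log_id": log_id, "metadata.product_event_type": product_event,
        "security_result.severity_details": severity, "security_result.severity": severity_label(severity),
        "observer.hostname": observer_host,
    }
    for key, value in EXT_RE.findall(ext):
        if key in EXT_TO_UDM:               # unmapped keys (ComputerName, EventReceivedByServer) are dropped
            udm[EXT_TO_UDM[key]] = value    # kept verbatim, matching the page's sample output
    if "security_result.rule_name" in udm:  # PolicyName also populates the summary, per the sample parsing
        udm["security_result.summary"] = udm["security_result.rule_name"]
    return udm
```

Running `parse_to_udm(SAMPLE)` yields exactly the fields shown under Sample Parsing; a line whose message part is not CEF, or whose CEF header is short a field, is rejected rather than half-normalised.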