Skip to content

Secret Server

Product Name

About

Secret Server is a privileged access management solution that lets IT administrators and IT security professionals, secure privileges for services, applications, root and administrator accounts across the enterprise.

Product Details

Vendor URL: Secret Server

Product Type: Access Management

Product Tier: Tier III

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: CEF

Expected Normalization Rate: near 100%

Data Label: DELINEA_SECRET_SERVER

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
cef_vendor metadata.vendor_name
cef_product metadata.product_name
cef_version metadata.product_version
cef_event_type metadata.product_event_type
cef_description metadata.description
observer observer.hostname
cef_severity security_result.severity_details
msg security_result.summary
suser principal.user.user_display_name
suid principal.user.userid
cs3 target.resource_ancestors.name
cs3Label target.resource_ancestors.resource_subtype
fname target.file.full_path
fileId target.resource.id

Product Event Types

Event UDM Event Classification
all events GENERIC_EVENT

Log Sample

Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56

Sample Parsing

metadata.event_timestamp = 1676930156
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Thycotic Software"
metadata.product_name = "Secret Server"
metadata.product_version = "11.4.000000"
metadata.product_event_type = "500"
metadata.description = "System Log"
observer.hostname = "hostname"
security_result.summary = "ComputerScanConsumer: Some Sites are unready and Discovery will not run on them:"
security_result.severity_details = "5"