Secret Server

Product Name

About

Secret Server is a privileged access management solution that lets IT administrators and IT security professionals secure privileges for services, applications, and root and administrator accounts across the enterprise.

Product Details

Vendor URL: Secret Server

Product Type: Access Management

Product Tier: Tier III

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: CEF

Expected Normalization Rate: near 100%

Data Label: DELINEA_SECRET_SERVER

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field    UDM Field
cef_vendor        metadata.vendor_name
cef_product       metadata.product_name
cef_version       metadata.product_version
cef_event_type    metadata.product_event_type
cef_description   metadata.description
observer          observer.hostname
cef_severity      security_result.severity_details
msg               security_result.summary
suser             principal.user.user_display_name
suid              principal.user.userid
cs3               target.resource_ancestors.name
cs3Label          target.resource_ancestors.resource_subtype
fname             target.file.full_path
fileId            target.resource.id

Product Event Types

Event         UDM Event Classification
all events    GENERIC_EVENT

Log Sample

Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56

Sample Parsing

metadata.event_timestamp = 1676930156
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Thycotic Software"
metadata.product_name = "Secret Server"
metadata.product_version = "11.4.000000"
metadata.product_event_type = "500"
metadata.description = "System Log"
observer.hostname = "hostname"
security_result.summary = "ComputerScanConsumer: Some Sites are unready and Discovery will not run on them:"
security_result.severity_details = "5"
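
The mapping above applied to the log sample, as an added Python example (not the parser's own code). Taking observer.hostname from the last syslog token before "CEF:" and reading rt as UTC are assumptions inferred from the sample: rt read as UTC reproduces metadata.event_timestamp = 1676930156, while the syslog header time is five hours earlier.

```python
import re
from datetime import datetime, timezone

# CEF header slots 1-6 (after the version) in the order the UDM table maps them.
HEADER_UDM = ("metadata.vendor_name", "metadata.product_name",
              "metadata.product_version", "metadata.product_event_type",
              "metadata.description", "security_result.severity_details")
# Extension keys from the UDM table.
EXT_UDM = {"msg": "security_result.summary",
           "suser": "principal.user.user_display_name",
           "suid": "principal.user.userid",
           "cs3": "target.resource_ancestors.name",
           "cs3Label": "target.resource_ancestors.resource_subtype",
           "fname": "target.file.full_path",
           "fileId": "target.resource.id"}
# The log sample from this page.
SAMPLE = ("Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|"
          "11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are "
          "unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56")

def parse_secret_server(line):
    prefix, found, cef = line.partition("CEF:")
    if not found:
        raise ValueError("no CEF header")
    # Split on unescaped pipes: version, six header fields, then the extension.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    udm = {"metadata.event_type": "GENERIC_EVENT"}  # every event, per the page
    if prefix.split():
        # Assumption: the observer is the last syslog token before "CEF:".
        udm["observer.hostname"] = prefix.split()[-1]
    for field, value in zip(HEADER_UDM, parts[1:7]):
        udm[field] = value.replace("\\|", "|")
    # Values may contain spaces, so a value ends where the next "key=" begins.
    ext = parts[7]
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        key, value = m.group(1), ext[m.end():end].strip()
        if key == "rt":
            # Inferred from the sample: rt read as UTC gives its event_timestamp.
            ts = datetime.strptime(value, "%b %d %Y %H:%M:%S")
            udm["metadata.event_timestamp"] = int(ts.replace(tzinfo=timezone.utc).timestamp())
        elif key in EXT_UDM:
            udm[EXT_UDM[key]] = value.replace("\\=", "=")
    return udm

if __name__ == "__main__":
    for field, value in sorted(parse_secret_server(SAMPLE).items()):
        print(f"{field} = {value!r}")
```

Extension keys outside the table are dropped rather than guessed at, so a record carrying only unmapped keys still yields the header fields and GENERIC_EVENT.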

Rules

Coming Soon