Secret Server¶
About¶
Secret Server is a privileged access management solution that lets IT administrators and IT security professionals, secure privileges for services, applications, root and administrator accounts across the enterprise.
Product Details¶
Vendor URL: Secret Server
Product Type: Access Management
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: n/a
Parser Details¶
Log Format: CEF
Expected Normalization Rate: near 100%
Data Label: DELINEA_SECRET_SERVER
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
cef_vendor | metadata.vendor_name |
cef_product | metadata.product_name |
cef_version | metadata.product_version |
cef_event_type | metadata.product_event_type |
cef_description | metadata.description |
observer | observer.hostname |
cef_severity | security_result.severity_details |
msg | security_result.summary |
suser | principal.user.user_display_name |
suid | principal.user.userid |
cs3 | target.resource_ancestors.name |
cs3Label | target.resource_ancestors.resource_subtype |
fname | target.file.full_path |
fileId | target.resource.id |
Product Event Types¶
Event | UDM Event Classification |
---|---|
all events | GENERIC_EVENT |
Log Sample¶
Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56
Sample Parsing¶
metadata.event_timestamp = 1676930156
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Thycotic Software"
metadata.product_name = "Secret Server"
metadata.product_version = "11.4.000000"
metadata.product_event_type = "500"
metadata.description = "System Log"
observer.hostname = "hostname"
security_result.summary = "ComputerScanConsumer: Some Sites are unready and Discovery will not run on them:"
security_result.severity_details = "5"