Secret Server

About
Secret Server is a privileged access management solution that lets IT administrators and IT security professionals secure privileges for services, applications, and root and administrator accounts across the enterprise.
Product Details
Vendor URL: Secret Server
Product Type: Access Management
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: n/a
Parser Details
Log Format: CEF
Expected Normalization Rate: near 100%
Data Label: DELINEA_SECRET_SERVER
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| cef_vendor | metadata.vendor_name |
| cef_product | metadata.product_name |
| cef_version | metadata.product_version |
| cef_event_type | metadata.product_event_type |
| cef_description | metadata.description |
| observer | observer.hostname |
| cef_severity | security_result.severity_details |
| msg | security_result.summary |
| suser | principal.user.user_display_name |
| suid | principal.user.userid |
| cs3 | target.resource_ancestors.name |
| cs3Label | target.resource_ancestors.resource_subtype |
| fname | target.file.full_path |
| fileId | target.resource.id |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| all events | GENERIC_EVENT |
Log Sample
Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56
Sample Parsing
metadata.event_timestamp = 1676930156
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Thycotic Software"
metadata.product_name = "Secret Server"
metadata.product_version = "11.4.000000"
metadata.product_event_type = "500"
metadata.description = "System Log"
observer.hostname = "hostname"
security_result.summary = "ComputerScanConsumer: Some Sites are unready and Discovery will not run on them:"
security_result.severity_details = "5"
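
The mapping above can be checked offline with a short script. The following is an added example, not the product's parser: it splits the CEF header and extension block of the log sample and applies the field table from this page. The names `to_udm` and `parse_extensions` are hypothetical, and reading `rt` as UTC is an assumption inferred from the sample, where it reproduces the listed `metadata.event_timestamp`.

```python
import re
from datetime import datetime, timezone

# The page's log sample, reproduced unchanged.
SAMPLE = ("Feb 20 2023 16:55:56 hostname CEF:0|Thycotic Software|Secret Server|"
          "11.4.000000|500|System Log|5|msg=ComputerScanConsumer: Some Sites are "
          "unready and Discovery will not run on them: rt=Feb 20 2023 21:55:56")

# Extension key -> UDM field, from the table on this page.
EXT_TO_UDM = {
    "msg": "security_result.summary",
    "suser": "principal.user.user_display_name",
    "suid": "principal.user.userid",
    "cs3": "target.resource_ancestors.name",
    "cs3Label": "target.resource_ancestors.resource_subtype",
    "fname": "target.file.full_path", "fileId": "target.resource.id",
}
# CEF header positions 1..6 (vendor, product, version, event type, description, severity).
HEADER_UDM = ["metadata.vendor_name", "metadata.product_name",
              "metadata.product_version", "metadata.product_event_type",
              "metadata.description", "security_result.severity_details"]

def parse_extensions(ext):
    """Split 'k=v k=v' pairs; values may contain spaces, colons and escaped '='."""
    keys = list(re.finditer(r"(?:^|(?<=\s))(\w+)=", ext))
    out = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        out[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return out

def to_udm(line):
    prefix, sep, cef = line.partition("CEF:")
    if not sep:
        raise ValueError("not a CEF record")
    # Split on unescaped pipes only; the 8th part is the extension block.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    udm = {"metadata.event_type": "GENERIC_EVENT",
           "observer.hostname": (prefix.split() or [""])[-1]}
    udm.update(zip(HEADER_UDM, (p.replace("\\|", "|") for p in parts[1:7])))
    ext = parse_extensions(parts[7])
    udm.update({EXT_TO_UDM[k]: v for k, v in ext.items() if k in EXT_TO_UDM})
    if "rt" in ext:  # assumption: rt is UTC, which matches the sample's event_timestamp
        ts = datetime.strptime(ext["rt"], "%b %d %Y %H:%M:%S")
        udm["metadata.event_timestamp"] = int(ts.replace(tzinfo=timezone.utc).timestamp())
    return udm
```

Extension keys that are not in the table (such as `rt`) are parsed but not emitted as UDM fields, so a drop in normalization shows up as missing keys in the returned dictionary.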