Dell EMC Isilon¶
About¶
Dell EMC Isilon hybrid storage platforms powered by the OneFS operating system uses a versatile yet simple scale-out architecture to speed access to massive amounts of data. The hybrid platforms are highly flexible and strikes the balance between large capacity and high-performance storage to provide support for a broad range of enterprise file workloads.
Product Details¶
Vendor URL: Dell Isilon Archive Nas Storage
Product Type: NAS
Product Tier: Tier III
Integration Method: Unknown
Integration URL: N/A
Log Guide: Dell EMC Log Guide
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 75%
Data Label: DELL_EMC_NAS
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Defined | metadata.vendor_name |
| Defined | metadata.product_name |
| Defined | metadata.product_version |
| Defined | metadata.event_type |
| event_id - proto event_type reason - result | metadata.description |
| event_type | metadata.product_event_type |
| observer, src | principal.hostname |
| src | principal.ip |
| target | target.file.full_path |
| pwd | additional.fields |
| command | additional.fields |
| tty | additional.fields |
| user | principal.user.userid |
| user_sid | principal.user.windows_sid |
| proto | network.application_protocol |
| observer | observer.hostname |
| observer | observer.ip |
| intermediary | intermediary |
| event_action | security_result |
Product Event Types¶
| Description | metadata.event_type |
|---|---|
| audit_protocol | GENERIC_EVENT |
| audit_protocol | FILE_OPEN |
| audit_protocol | RESOURCE_PERMISSIONS_CHANGE |
| audit_protocol | FILE_CREATION |
| audit_protocol | FILE_DELETION |
| audit_protocol | FILE_MODIFICATION |
| syslogd | STATUS_UPDATE |
| sudo | USER_UNCATEGORIZED |
| sshd | GENERIC_EVENT |
| isi_job_d | STATUS_UPDATE |
| syslog | STATUS_UPDATE |
Log Sample¶
<13>Aug 27 14:16:35 sysloghost audit_protocol[2869]: 2021-08-27T14:16:35.000Z 10.3.20.23 sid|123456789|System|1|10.10.10.10|SMB|OPEN|SUCCESS|123456789|DIR|OPENED|123456789|/ifs/windows/work|john.doe
Sample Parsing¶
metadata.event_timestamp = "2021-08-27T14:16:35Z"
metadata.event_type = "FILE_OPEN"
metadata.vendor_name = "Dell"
metadata.product_name = "EMC"
metadata.product_version = "Isilon"
metadata.description = "audit_protocol[2869] - SMB DIR OPENED - SUCCESS"
principal.user.userid = "john.doe"
principal.user.windows_sid = "sid"
principal.ip = "10.10.10.10"
target.file.full_path = "/ifs/windows/work"
intermediary.ip = "10.10.10.23"
observer.hostname = "sysloghost"
security_result.action = "ALLOW"
network.application_protocol = "SMB"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon