Skip to content

Progress MOVEit Automation

MOVEit automation

About

Progress (Formerly IPSwitch)

Product Details

Vendor URL: MOVEit File Transfer Software

Product Type: FTP Server

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 97%

Data Label: IPSWITCH_MOVEIT_TRANSFER

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
AgentBrand metadata.product_event_type
AgentVersion metadata.product_version
company_name principal.user.company_name
description metadata.description
Error additional.fields
FileName target.file.full_path
FolderPath target.file.full_path
FileID target.resource.attribute.labels
FolderID target.resource.attribute.labels
hostname principal.hostname
ID principal.user.userid
InstID metatdata.product_log_id
IPAddress principal.ip
Message metadata.description
Parm1 additional.fields
Parm2 additional.fields
version metadata.product_version
XFerSize additional.fields
_event metadata.product_event_type
_portNum principal.port
_srcUser principal.user.userid
src_user principal.user.userid
_srcIP principal.ip
_sessionID metatdata.product_log_id

Event Types

Condition event type
description =~ Delete File FILE_DELETION
FolderPath != "" FILE_UNCATEGORIZED
application_proto = HTTP NETWORK_HTTP
IPAddress != "" STATUS_UPDATE
otherwise GENERIC_EVENT

Log Sample

{"EventTime":"2023-12-22 09:15:42","Hostname":"WORKSTATION-1234","Keywords":"0x80000000000000","LevelValue":4,"EventType":"INFO","SeverityValue":2,"Severity":"INFO","EventID":0,"SourceName":"MOVEit_DMZ_Audit","ProviderGuid":null,"Version":null,"TaskValue":0,"OpcodeValue":null,"RecordNumber":123456789101112,"ExecutionProcessID":null,"ExecutionThreadID":null,"Channel":"Sample Channel","Message":"User 'Janet Doe' (janetdoe) :  Downloaded file password_sample_file_20231222_912.txt (#117181607) from folder /Users/Janet Doe/Documents\r\nIP: 192.168.0.12\r\nUsername: janetdoe\r\nAgentBrand: MOVEit Automation\r\nAgentVersion: 14.1.2.35\r\nXFerSize: 126553\r\nParm2: 0\r\nError: 0\r\n","EventReceivedTime":"2023-12-22T09:15:42.862651+00:00","SourceModuleName":"moveit_transfer","SourceModuleType":"im_msvistalog"}

Sample Parsing

metadata.product_log_id: "123450"
metadata.event_type: FILE_UNCATEGORIZED
metadata.vendor_name: "IPS"
metadata.product_name: "IPSWITCH MOVEIT TRANSFER"
metadata.product_version: "14.1.2.35"
metadata.product_event_type: "MOVEit Automation"
metadata.description: "User 'Janet Doe' (janetdoe) :  Downloaded file password_sample_file_20231222_912.txt (#117181607) from folder /Users/Janet Doe/Documents. "
additional.fields["Error"]: "0"
additional.fields["Parm2"]: "0"
principal.hostname: "WORKSTATION-1234"
principal.ip: "192.168.0.12"
target.file.full_path: "/Users/Janet Doe/Documents/password_sample_file_20231222_912.txt"
target.file.names: "password_sample_file_20231222_912.txt"
target.resource.attribute.labels["FileID"]: "117181607"
target.resource.attribute.labels["FolderID"]: "585465549"
target.resource.attribute.labels["FileName"]: "password_sample_file_20231222_912.txt"
target.resource.attribute.labels["XFerSize"]: "126553"

Rules

Coming Soon