NetApp
About
NetApp, Inc. is an American hybrid cloud data services and data management company headquartered in Sunnyvale, California. It has ranked in the Fortune 500 since 2012. Founded in 1992 with an IPO in 1995, NetApp offers cloud data services for management of applications and data both online and physically.
ONTAP creates a storage infrastructure that reduces costs, accelerates critical workloads, and protects and secures data across hybrid multiclouds.
Product Details
Vendor URL: NetApp | Cloud Storage Services
Product Type: Data Management
Product Tier: Tier II
Integration Method: Syslog
Integration URL: How To Setup Logging Events to a Syslog Server
Log Guide: NetApp Log Guide
Parser Details
Log Format: Syslog
Expected Normalization Rate: near 100%
Data Label: NETAPP_ONTAP
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
Statically defined | extensions.auth.mechanism |
Statically defined | metadata.vendor_name |
Statically defined | metadata.product_name |
msg | metadata.product_event_type |
section1 | metadata.product_log_id |
description | metadata.description |
hostip | observer.hostname |
Statically defined | network.application_protocol |
application | principal.application |
phost | principal.hostname |
pr_ip | principal.ip |
pr_port | principal.port |
section5 | principal.process.command_line |
pid | principal.process.pid |
target | target.hostname |
ip | target.ip |
port | target.port |
username | target.user.userid |
action | security_result.action_details |
Statically defined | security_result.severity |
severity | security_result.severity_details |
operation | security_result.description |
error | security_result.summary |
Product Event Types
Type, subtype | Description | UDM Event Classification |
---|---|---|
Default | All other events | GENERIC_EVENT |
Connection | | NETWORK_CONNECTION |
Login | | USER_LOGIN |
Log Sample
<5>Jul 29 12:11:18 hostname [target_host: sshd.auth.loginDenied:notice]: message="Failed password for invalid user username from 10.10.10.10 port 58059 ssh2 "
Sample Parsing
metadata.event_timestamp = "1659096678"
metadata.event_type = "USER_LOGIN"
metadata.vendor_name = "NETAPP"
metadata.product_name = "ONTAP"
metadata.product_event_type = "sshd.auth.loginDenied"
metadata.description = "Failed password for invalid user"
principal.ip = "10.10.10.10"
principal.port = 58059
target.hostname = "target-host"
target.user.userid = "username"
observer.hostname = "hostname"
security_result.severity = "INFORMATIONAL"
security_result.severity_details = "notice"
network.application_protocol = "SSH"
extensions.auth.mechanism = "MECHANISM_UNSPECIFIED"
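The mapping from the log sample to the UDM fields above, as an added Python example (not the product's own parser code). The function name `to_udm`, the line layout inferred from the single sample, the UTC timezone, the caller-supplied year, and the `UNKNOWN_SEVERITY` / `GENERIC_EVENT` fallbacks are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Log sample from this page; the layout below is inferred from this one line (assumption).
SAMPLE = '<5>Jul 29 12:11:18 hostname [target_host: sshd.auth.loginDenied:notice]: message="Failed password for invalid user username from 10.10.10.10 port 58059 ssh2 "'
HEADER = re.compile(
    r'^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<observer>\S+) '
    r'\[(?P<target>[^:\]]+): (?P<event>[\w.]+):(?P<sev>\w+)\]: message="(?P<body>.*)"\s*$')
# The user name is client-supplied text, so anchor on the END of the message:
# the greedy (.+) leaves only the final "from <ip> port <n> ssh2" as the source.
SSH_FAILED = re.compile(
    r'^(?P<desc>Failed password for (?:invalid user )?)(?P<user>.+) '
    r'from (?P<ip>\S+) port (?P<port>\d{1,5}) ssh2\s*$')
SEVERITY = {"notice": "INFORMATIONAL"}  # the only mapping the page shows


def to_udm(line, year):
    """Map one line to a flat dict of UDM fields; None if the header does not match."""
    m = HEADER.match(line)
    if m is None:
        return None
    # The syslog timestamp carries no year or zone: year is passed in, UTC assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    udm = {
        "metadata.event_timestamp": str(int(ts.replace(tzinfo=timezone.utc).timestamp())),
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "NETAPP",
        "metadata.product_name": "ONTAP",
        "metadata.product_event_type": m["event"],
        "observer.hostname": m["observer"],
        "target.hostname": m["target"],
        "security_result.severity": SEVERITY.get(m["sev"], "UNKNOWN_SEVERITY"),
        "security_result.severity_details": m["sev"],
    }
    ssh = SSH_FAILED.match(m["body"])
    if ssh:
        try:
            udm["principal.ip"] = str(ipaddress.ip_address(ssh["ip"]))
        except ValueError:
            return udm  # source is not a valid IP: keep the event generic
        udm.update({
            "metadata.event_type": "USER_LOGIN",
            "metadata.description": ssh["desc"].strip(),
            "principal.port": int(ssh["port"]),
            "target.user.userid": ssh["user"],
            "network.application_protocol": "SSH",
            "extensions.auth.mechanism": "MECHANISM_UNSPECIFIED",
        })
    return udm
```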
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon