Radware DDoS¶
About¶
Service availability is the cornerstone of the digital experience. Downtime leads to lost revenue, reputational damage and unsatisfied customers. Data center protection whether on premise or cloud based, has never been more critical. Ensure service availability with agile industry-leading DDoS protection solutions which use automated and behavioral-based technologies to mitigate the largest, most complex DDoS attacks.
Product Details¶
Vendor URL: Radware DDoS
Product Type: Vulnerability Management
Product Tier: Tier III
Integration Method: Custom
Integration URL: Rapid7 Insight
Log Guide: N/A
Parser Details¶
Log Format: Syslog + KV
Expected Normalization Rate: Near 100%
Data Label: RADWARE_DDOS
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| sourceIP | principal.ip |
| countryCode | principal.location.country_or_region |
| destinationIP | target.ip |
| destinationPort | target.port |
| name | metadata.description |
Product Event Types¶
| type,subtype | UDM Event Classification |
|---|---|
| all events | GENERIC_EVENT |
Log Sample¶
- [SystemAttackSysLogMessage destinationIP="10.10.19.2" destinationPort="18220" enrichmentContainer="{contractId=c2419a68-REDACTED-6fd71bXXXabc2,applicationId=0fa72ba4REDACTED-7bdaXXXXX788,tenant=a709f321-REDACTED-4b76XXXXabbb,geoLocation={countryCode=CN}}" name="Invalid TCP Flags" sourceIP="10.1.2.141" timestamp="05-06-2022 17:16:17" totalPackets="1" totalVolume="0.078"]
Sample Parsing¶
metadata.event_type: GENERIC_EVENT
metadata.description: "Invalid TCP Flags"
principal.ip: "10.1.2.141"
principal.location.country_or_region: "CN"
target.ip: "10.10.19.2"
target.port: 18220
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon