Rubrik

About

Rubrik is a cloud data management company based in Palo Alto, California, United States. It was founded in December 2013 and has offices in Morrisville, North Carolina; Bangalore, India; Lawrence, Kansas; Amsterdam, Netherlands; Nottingham, England; and Cork, Ireland.

Product Details

Vendor URL: Rubrik Data Backup - Gartner on Ransomware Recovery

Product Type: Zero Trust Data Security

Product Tier: Tier I

Integration Method: Syslog

Integration URL: Security Hardening Best Practices - Rubrik

Log Guide: N/A

Parser Details

Log Format: Syslog

Expected Normalization Rate: 90%

Data Label: RUBURIK

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field        UDM Field
--------------------  ----------------------------------
cluster_name          src.resource.parent
command               src.process.command_line
description           security_result.action
dhost                 target.hostname
dhost                 target.ip
dst                   target.hostname
dst                   target.ip
dst_domain            target.administrative_domain
dst_port              target.port
error_code            additional.error_code
error_message         additional.error_message
error_reason          additional.error_reason
error_remedy          additional.error_remedy
event_id              additional.event_id
event_series_id       additional.event_series_id
file_path             src.file.full_path
job_type              security_result.description
node_ip               observer.ip
object_id             src.resource.product_object_id
object_name           src.resource.name
object_type           principal.application
observer              observer.hostname
observer_domain       observer.administrative_domain
path                  src.url
product_event         metadata.product_event_type
proto                 network.ip_protocol
severity              security_result.severity
shost                 principal.hostname
shost                 principal.ip
src                   principal.hostname
src                   principal.ip
src_domain            principal.administrative_domain
src_port              principal.port
Statically Defined    extensions.auth.type
Statically Defined    src.resource.resource_type
Statically Defined    metadata.event_type
Statically Defined    metadata.vendor_name
summary               security_result.summary
suser                 principal.user.userid

Product Event Types

type,subtype              severity       UDM Event Classification   alerting enabled
------------------------  -------------  -------------------------  ----------------
src, dst, and protocol    Information    NETWORK_CONNECTION
session opened                           USER_LOGIN
session closed                           USER_LOGOUT
Default                                  GENERIC_EVENT

Log Sample

<30>Jan 31 16:26:11 OBSERVER_DATA snmpd[909]: Connection from UDP: [10.0.0.1]:59689->[10.0.0.2]:161

Sample Parsing

metadata.event_timestamp = "2022-01-31T16:26:11Z"
metadata.event_type = "NETWORK_CONNECTION"
metadata.vendor_name = "Rubrik"
metadata.product_event_type = "snmpd"
metadata.description = "Connection from UDP: [10.0.0.1]:59689->[10.0.0.2]:161"
metadata.ingested_timestamp = "2022-01-31T16:26:32.615608Z"
metadata.ingestion_labels.key = "cyderes.io/source/agent"
metadata.ingestion_labels.value = "cdp-syslog-forwarder@cyderes.io/latest"
metadata.ingestion_labels.key = "cyderes.io/source/path"
metadata.ingestion_labels.key = "cyderes.io/source/type"
metadata.ingestion_labels.key = "cyderes.io/persistent-object"
metadata.ingestion_labels.value = "cyderes_zh_0.gz"
principal.ip = "10.0.0.1"
principal.port = 59689
principal.asset.ip = "10.0.0.1"
target.ip = "10.0.0.2"
target.port = 161
target.asset.ip = "10.0.0.2"
observer.hostname = "OBSERVER_DATA"
network.ip_protocol = "UDP"
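As an added illustration (not the parser's or Rubrik's own code), the mapping above rendered as a small Python function: it splits an RFC 3164-style syslog header, classifies the message body per the Product Event Types table, and emits the UDM field names from the field table. The "session opened" line, the regexes and the year argument are assumptions (syslog timestamps carry no year).

```python
import re
from datetime import datetime, timezone

# Constructed samples: the first mirrors the page's log sample, the second is an
# assumed PAM-style "session opened" line for the USER_LOGIN row.
SAMPLE = "<30>Jan 31 16:26:11 OBSERVER_DATA snmpd[909]: Connection from UDP: [10.0.0.1]:59689->[10.0.0.2]:161"
LOGIN_SAMPLE = "<86>Jan 31 16:30:00 OBSERVER_DATA sshd[1200]: pam_unix(sshd:session): session opened for user admin by (uid=0)"

# RFC 3164-style header: <PRI>Mon DD HH:MM:SS host program[pid]: message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# "src, dst, and protocol" message body that drives the NETWORK_CONNECTION row
CONN_RE = re.compile(
    r"Connection from (?P<proto>TCP|UDP): \[(?P<src>[^\]]+)\]:(?P<sport>\d+)"
    r"->\[(?P<dst>[^\]]+)\]:(?P<dport>\d+)"
)
SESSION_RE = re.compile(r"session (?P<state>opened|closed)(?: for user (?P<user>\S+))?")

def parse_rubrik_syslog(line: str, year: int = 2022) -> dict:
    """Map one syslog line to the UDM fields of the table above.
    Syslog headers carry no year, so the caller supplies it (2022 matches the
    page's sample). Unknown messages fall through to GENERIC_EVENT."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    msg = m["msg"]
    udm = {
        "metadata.event_timestamp": ts.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "metadata.event_type": "GENERIC_EVENT",      # Default row
        "metadata.vendor_name": "Rubrik",            # statically defined
        "metadata.product_event_type": m["prog"],    # product_event
        "metadata.description": msg,
        "observer.hostname": m["host"],              # observer
    }
    if conn := CONN_RE.search(msg):
        udm.update({
            "metadata.event_type": "NETWORK_CONNECTION",
            "principal.ip": conn["src"], "principal.port": int(conn["sport"]),
            "target.ip": conn["dst"], "target.port": int(conn["dport"]),
            "network.ip_protocol": conn["proto"],
        })
    elif sess := SESSION_RE.search(msg):
        udm["metadata.event_type"] = "USER_LOGIN" if sess["state"] == "opened" else "USER_LOGOUT"
        if sess["user"]:                             # suser -> principal.user.userid
            udm["principal.user.userid"] = sess["user"]
    return udm
```

Running it on SAMPLE reproduces the principal, target, observer, protocol and timestamp values shown in the Sample Parsing section; the ingestion labels are added by the forwarder, not by the parser.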

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon