Software House Access Control
About
Software House has built a solid reputation in the security industry as an innovator of security and event management technologies. With its continuous investment in R&D, and the ability to leverage new technologies, Software House has reached technological excellence.
Product Details
Vendor URL: Software House Access Control
Product Type: Access Control
Product Tier: Tier III
Integration Method: Syslog
Parser Details
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: SOFTWARE_HOUSE_ACS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
eventId | metadata.product_log_id |
Software House | metadata.vendor_name |
Access Control | metadata.product_name |
custom filter | metadata.product_event_type |
msg | metadata.description |
ahost | principal.hostname |
suser | principal.user.userid |
cs6 | principal.user.user_display_name |
flexNumber1 | principal.user.product_object_id |
cs1 | principal.user.first_name |
cs2 | principal.user.last_name |
cs4 | principal.user.department |
cs5 | principal.user.company_name |
agt | principal.ip |
ahost | principal.asset.hostname |
agt | principal.asset.ip |
dvchost | target.hostname |
dvc | target.ip |
msg | target.location.name |
dvchost | target.asset.hostname |
dvc | target.asset.ip |
custom filter | security_result.summary |
custom filter | security_result.action_details |
PHYSICAL | extensions.auth.type |
BADGE_READER | extensions.auth.mechanism |
Product Event Types
Event | UDM Event Classification |
---|---|
all events | USER_BADGE_IN |
Log Sample
Oct 20 07:07:40 10.10.0.1 CEF: 0|CCURE|ACS|1||CardRejected|Unknown| eventId=922868 msg=Location entry door 3 art=1666264059973 rt=1666264059973 suser=jdoe1 cs1=John cs2=Doe cs4=department1 cs5=company1 cs6=Doe, John flexNumber1=1111 deviceCustomDate1=1666282056220 cs1Label=First Name cs2Label=Last Name cs3Label=Direction cs4Label=Department cs5Label=Company cs6Label=Full Name cn1Label=ACS Serial Number flexString1Label=State flexNumber1Label=Card Number ahost=hostname1 agt=10.10.0.1 agentZoneURI= av=7.15.0.8295.0 atz=CST6CDT at=flexmulti_db dvchost=hostname2 dvc=10.10.0.2 deviceZoneURI= dtz=CST6CDT geid=0 _cefVer=0.1 aid=
Sample Parsing
metadata.product_log_id = "922868"
metadata.event_timestamp.seconds = 1666264060
metadata.event_timestamp.nanos = 0
metadata.event_type = "USER_BADGE_IN"
metadata.vendor_name = "Software House"
metadata.product_name = "Access Control"
metadata.product_event_type = "CardRejected"
metadata.description = "Location entry door 3"
principal.hostname = "hostname1"
principal.user.userid = "jdoe1"
principal.user.user_display_name = "Doe, John"
principal.user.product_object_id = "1111"
principal.user.first_name = "John"
principal.user.last_name = "Doe"
principal.user.department = "department1"
principal.user.company_name = "company1"
principal.ip = "10.10.0.1"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.10.0.1"
target.hostname = "hostname2"
target.ip = "10.10.0.2"
target.location.name = "Location entry door 3"
target.asset.hostname = "hostname2"
target.asset.ip = "10.10.0.2"
security_result.category = "UNKNOWN_CATEGORY"
security_result.summary = "CardRejected"
security_result.action = "BLOCK"
security_result.action_details = "CardRejected"
extensions.auth.type = "PHYSICAL"
extensions.auth.mechanism = "BADGE_READER"
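Added example (not the vendor's or the parser's own code): a Python illustration of how the CEF sample above splits into header and extension fields, including values that contain spaces such as `msg` and `cs6`, and how the field table then applies. The function names and the use of the CEF name field for the "custom filter" rows are assumptions; the timestamp and `security_result.action` are omitted because the page does not state how they are derived.

```python
import re

# Constructed: the page's log sample, trimmed to the keys the field table maps.
SAMPLE = ("Oct 20 07:07:40 10.10.0.1 CEF: 0|CCURE|ACS|1||CardRejected|Unknown| "
          "eventId=922868 msg=Location entry door 3 suser=jdoe1 cs1=John cs2=Doe "
          "cs4=department1 cs5=company1 cs6=Doe, John flexNumber1=1111 "
          "cs1Label=First Name ahost=hostname1 agt=10.10.0.1 agentZoneURI= "
          "dvchost=hostname2 dvc=10.10.0.2 aid=")

# CEF extension key -> UDM fields, copied from the page's field table.
FIELD_MAP = {
    "eventId": ["metadata.product_log_id"],
    "msg": ["metadata.description", "target.location.name"],
    "suser": ["principal.user.userid"],
    "cs6": ["principal.user.user_display_name"],
    "flexNumber1": ["principal.user.product_object_id"],
    "cs1": ["principal.user.first_name"], "cs2": ["principal.user.last_name"],
    "cs4": ["principal.user.department"], "cs5": ["principal.user.company_name"],
    "ahost": ["principal.hostname", "principal.asset.hostname"],
    "agt": ["principal.ip", "principal.asset.ip"],
    "dvchost": ["target.hostname", "target.asset.hostname"],
    "dvc": ["target.ip", "target.asset.ip"],
}

# A value runs to the next " key=" or end of line, so it may contain spaces.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):  # -> (seven header fields, extension dict)
    parts = line.partition("CEF:")[2].strip().split("|", 7)
    if len(parts) < 8:
        raise ValueError("not a CEF record")
    return parts[:7], dict(EXT_RE.findall(parts[7]))

def to_udm(line):
    header, ext = parse_cef(line)
    name = header[5]  # assumption: the "custom filter" rows use the CEF name field
    udm = {
        "metadata.event_type": "USER_BADGE_IN",  # every event, per the page
        "metadata.vendor_name": "Software House",
        "metadata.product_name": "Access Control",
        "metadata.product_event_type": name,
        "security_result.summary": name, "security_result.action_details": name,
        "extensions.auth.type": "PHYSICAL",
        "extensions.auth.mechanism": "BADGE_READER",
    }
    for key, fields in FIELD_MAP.items():
        if ext.get(key):  # absent or empty keys produce no UDM field
            udm.update(dict.fromkeys(fields, ext[key]))
    return udm
```

Because every event normalizes to `USER_BADGE_IN`, detection content that needs to tell a rejected card from an admitted one has to key on `metadata.product_event_type` or the `security_result` fields.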
Parser Alerting
No parser-based alerting exists.
Rules
Coming Soon