Software House Access Control

About

Software House has built a solid reputation in the security industry as an innovator of security and event management technologies. With its continuous investment in R&D, and the ability to leverage new technologies, Software House has reached technological excellence.

Product Details

Vendor URL: Software House Access Control

Product Type: Access Control

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 100%

Data Label: SOFTWARE_HOUSE_ACS

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field     UDM Field
eventId            metadata.product_log_id
Software House     metadata.vendor_name
Access Control     metadata.product_name
custom filter      metadata.product_event_type
msg                metadata.description
ahost              principal.hostname
suser              principal.user.userid
cs6                principal.user.user_display_name
flexNumber1        principal.user.product_object_id
cs1                principal.user.first_name
cs2                principal.user.last_name
cs4                principal.user.department
cs5                principal.user.company_name
agt                principal.ip
ahost              principal.asset.hostname
agt                principal.asset.ip
dvchost            target.hostname
dvc                target.ip
msg                target.location.name
dvchost            target.asset.hostname
dvc                target.asset.ip
custom filter      security_result.summary
custom filter      security_result.action_details
PHYSICAL           extensions.auth.type
BADGE_READER       extensions.auth.mechanism

Product Event Types

Event          UDM Event Classification
all events     USER_BADGE_IN

Log Sample

Oct 20 07:07:40 10.10.0.1 CEF: 0|CCURE|ACS|1||CardRejected|Unknown| eventId=922868 msg=Location entry door 3 art=1666264059973 rt=1666264059973 suser=jdoe1 cs1=John cs2=Doe cs4=department1 cs5=company1 cs6=Doe, John flexNumber1=1111 deviceCustomDate1=1666282056220 cs1Label=First Name cs2Label=Last Name cs3Label=Direction cs4Label=Department cs5Label=Company cs6Label=Full Name cn1Label=ACS Serial Number flexString1Label=State flexNumber1Label=Card Number ahost=hostname1 agt=10.10.0.1 agentZoneURI= av=7.15.0.8295.0 atz=CST6CDT at=flexmulti_db dvchost=hostname2 dvc=10.10.0.2 deviceZoneURI= dtz=CST6CDT geid=0 _cefVer=0.1 aid=

Sample Parsing

metadata.product_log_id = "922868"
metadata.event_timestamp.seconds = 1666264060
metadata.event_timestamp.nanos = 0
metadata.event_type = "USER_BADGE_IN"
metadata.vendor_name = "Software House"
metadata.product_name = "Access Control"
metadata.product_event_type = "CardRejected"
metadata.description = "Location entry door 3"
principal.hostname = "hostname1"
principal.user.userid = "jdoe1"
principal.user.user_display_name = "Doe, John"
principal.user.product_object_id = "1111"
principal.user.first_name = "John"
principal.user.last_name = "Doe"
principal.user.department = "department1"
principal.user.company_name = "company1"
principal.ip = "10.10.0.1"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.10.0.1"
target.hostname = "hostname2"
target.ip = "10.10.0.2"
target.location.name = "Location entry door 3"
target.asset.hostname = "hostname2"
target.asset.ip = "10.10.0.2"
security_result.category = "UNKNOWN_CATEGORY"
security_result.summary = "CardRejected"
security_result.action = "BLOCK"
security_result.action_details = "CardRejected"
extensions.auth.type = "PHYSICAL"
extensions.auth.mechanism = "BADGE_READER"

Parser Alerting

No parser-based alerting exists.

Rules

Coming Soon