Splashtop

About
Splashtop is remote access and support software that lets users remotely access or support computers from mobile and desktop devices. Splashtop offers a variety of products for different use cases.
Product Details
Vendor URL: Splashtop
Product Type: Remote Access/Desktop Auditing
Product Tier: Tier III
Integration Method: Webhook
Parser Details
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: SPLASHTOP
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| action | metadata.product_event_type |
| action | security_result.action_details |
| category | security_result.category_details |
| client_email | principal.email |
| client_email | principal_domain |
| client_email | principal_user |
| client_ip | principal.ip |
| client_user_device | principal.hostname |
| destination_ip | target.ip |
| destination_user_device | target.hostname |
| destination_user_platform | target.platform_version |
| env | security_result.about.resource.name |
| id | metadata.product_log_id |
| message | security_result.summary |
| module | security_result.detection_fields |
| module | extensions.auth.mechanism |
| service_name | metadata.product_name |
| service_version | metadata.product_version |
| severity | security_result.severity_details |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| chat_sessions | USER_COMMUNICATION |
| generic | GENERIC_EVENT |
| member_manually_log_in, login_new_device, logon_csrs | USER_LOGIN |
| member_manually_log_out | USER_LOGOUT |
| sos_sessions, share_session | NETWORK_CONNECTION |
| updates | STATUS_UPDATE |
Log Sample
{"action":"share_session","category":"session","client_email":"john.doe@example.com","client_ip":"10.0.0.0","client_user_device":"EXAMPLE_HOST123","code":"session_3","destination_ip":"0.0.0.0","destination_user_device":"DEST_HOST123","destination_user_platform":"Microsoft Windows 11 Enterprise 64-bit (10.0.22631)","env":"app","id":"session_12345678","kind":"event","message":"Share Session START.","module":"remote","original":"2024-06-24 02:15:45 UTC Share Session START, user: john.doe@example.com, IP: 10.0.0.0","service_name":"Splashtop","service_version":"1.0","timestamp":"2024-06-24 02:15:45 UTC"}
Sample Parsing
extensions.auth.mechanism = "REMOTE"
metadata.event_type = "NETWORK_CONNECTION"
metadata.log_type = "SPLASHTOP"
metadata.product_event_type = "share_session"
metadata.product_log_id = "session_12345678"
metadata.product_name = "Splashtop"
metadata.product_version = "1.0"
principal.administrative_domain = "example.com"
principal.email = "john.doe@example.com"
principal.hostname = "EXAMPLE_HOST123"
principal.ip = "10.0.0.0"
principal.user.userid = "john.doe"
security_result.about.resource.name = "app"
security_result.action_details = "share_session"
security_result.category_details = "session"
security_result.detection_fields.key = "Module"
security_result.detection_fields.value = "remote"
security_result.summary = "Share Session START."
target.hostname = "DEST_HOST123"
target.ip = "0.0.0.0"
target.platform = "WINDOWS"
target.platform_version = "Microsoft Windows 11 Enterprise 64-bit (10.0.22631)"
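
The mapping above can be checked offline before a webhook source is onboarded. The following is an added example, not the vendor's or the parser's own code: it applies the two tables on this page to a JSON record and returns flat UDM paths. The names `normalize`, `DIRECT`, `EVENT_TYPES` and `SAMPLE` are hypothetical, and three behaviours are assumptions inferred from the Sample Parsing output: the `GENERIC_EVENT` fallback for unlisted actions, the upper-cased `module` as the auth mechanism, and `target.platform` derived from the platform string.

```python
import json
# "Product Event Types" table: action -> UDM event type.
EVENT_TYPES = {a: t for t, acts in {
    "USER_COMMUNICATION": ["chat_sessions"],
    "USER_LOGIN": ["member_manually_log_in", "login_new_device", "logon_csrs"],
    "USER_LOGOUT": ["member_manually_log_out"],
    "NETWORK_CONNECTION": ["sos_sessions", "share_session"],
    "STATUS_UPDATE": ["updates"],
}.items() for a in acts}
# "UDM Fields" table, direct copies only: log field -> UDM paths.
DIRECT = {
    "action": ["metadata.product_event_type", "security_result.action_details"],
    "category": ["security_result.category_details"],
    "client_email": ["principal.email"],
    "client_ip": ["principal.ip"],
    "client_user_device": ["principal.hostname"],
    "destination_ip": ["target.ip"],
    "destination_user_device": ["target.hostname"],
    "destination_user_platform": ["target.platform_version"],
    "env": ["security_result.about.resource.name"],
    "id": ["metadata.product_log_id"],
    "message": ["security_result.summary"],
    "service_name": ["metadata.product_name"],
    "service_version": ["metadata.product_version"],
    "severity": ["security_result.severity_details"],
}
# Constructed record, trimmed from the page's log sample, for a quick run.
SAMPLE = '{"action":"share_session","client_email":"john.doe@example.com","module":"remote"}'

def normalize(raw: str) -> dict:
    """Flatten one JSON record into {UDM path: value}; empty fields are skipped."""
    log = {k: str(v) for k, v in json.loads(raw).items() if v not in (None, "")}
    udm = {"metadata.log_type": "SPLASHTOP"}
    for field in DIRECT.keys() & log.keys():
        udm.update({p: log[field] for p in DIRECT[field]})
    # Assumption: actions missing from the table fall back to GENERIC_EVENT.
    udm["metadata.event_type"] = EVENT_TYPES.get(log.get("action"), "GENERIC_EVENT")
    user, sep, domain = log.get("client_email", "").partition("@")
    if sep and user and domain:  # split only well-formed addresses
        udm["principal.user.userid"] = user
        udm["principal.administrative_domain"] = domain
    if "module" in log:
        udm["security_result.detection_fields.key"] = "Module"
        udm["security_result.detection_fields.value"] = log["module"]
        udm["extensions.auth.mechanism"] = log["module"].upper()  # assumption
    if "windows" in log.get("destination_user_platform", "").lower():  # assumption
        udm["target.platform"] = "WINDOWS"
    return udm
```

Comparing the returned dictionary with the Sample Parsing list is a quick way to spot fields that a changed webhook payload no longer populates.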