Superna Eyeglass¶
About¶
Superna Eyeglass is a virtual appliance that simplifies disaster recovery with Isilon clusters. The application addresses configuration replication and other disaster recovery needs.
Product Details¶
Vendor URL: Superna Eyeglass
Product Type: Audit
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: n/a
Parser Details¶
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: SUPERNA_EYEGLASS
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| "Superna" | metadata.vendor_name |
| "Eyeglass" | metadata.product_name |
| product | metadata.product_event_type |
| eventTimeStamp | metadata.event_timestamp |
| eventCode | metadata.description |
| eventSource | metadata.product_version |
| hostname | observer.hostname |
| meta.computer_name | principal.hostname |
| clientIP | principal.ip |
| userSid | principal.user.windows_sid |
| userSid | principal.user.userid |
| path | target.process.file.full_path |
| cluster.id | security_result.about.asset.attribute.cloud.project.id |
| cluster.name | security_result.about.asset.attribute.cloud.project.name |
| "CLUSTER" | security_result.about.asset.attribute.cloud.project.resource_type |
| eventExt.userId | security_result.about.user.userid |
| server | security_result.about.administrative_domain |
| zone.id | security_result.about.asset.asset_id |
| zone.name | security_result.about.asset.attribute.cloud.availability_zone |
| eventExt.fsId | security_result.about.labels |
| eventExt.inode | security_result.about.labels |
| bytesRead | additional.fields |
| bytesWritten | additional.fields |
| ntStatus | additional.fields |
| protocol | additional.fields |
Product Event Types¶
| Product Event | Description | UDM Event |
|---|---|---|
| All | All events | GENERIC_EVENT |
Log Sample¶
<134>1 2022-05-04T09:21:14.116Z eca.local ECA 1 AuditLogs - {"eventSource":"Isilon","eventTimeStamp":1651656072393,"eventCode":"0x8","path":"filepath","protocol":"HDFS","server":"node012","clientIP":"10.10.10.10","userSid":"EXP:userid","desiredAccess":"128","createDispo":"3","numberOfReads":"0","bytesRead":"0","bytesWritten":"0","ntStatus":"0","zone":{"id":"1","name":"System"},"cluster":{"id":"clusteridnumber","name":"clustername"},"eventExt":{"inode":"inode","userId":"00","fsId":"1"}}
Sample Parsing¶
metadata.event_timestamp = "2022-05-04T09:21:14.116Z"
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Superna"
metadata.product_name = "Eyeglass"
metadata.product_version = "Isilon"
metadata.product_event_type = "AuditLogs"
metadata.description = "Event Code: 0x8"
additional.fields.BytesRead = "0"
additional.fields.BytesWritten = "0"
additional.fields.NtStatus = "0"
additional.fields.Protocol = "HDFS"
principal.user.userid = "EXP:userid"
principal.ip = "10.10.10.10"
target.process.file.full_path = "path"
observer.hostname = "eca.local"
security_result.about.user.userid = "00"
security_result.about.asset.asset_id = "1"
security_result.about.asset.attribute.cloud.project.resource_type = "CLUSTER"
security_result.about.asset.attribute.cloud.project.id = "clusteridnumber"
security_result.about.asset.attribute.cloud.project.name = "clustername"
security_result.about.asset.attribute.cloud.availability_zone = "System"
security_result.about.administrative_domain = "node012"
security_result.about.labels.fsId = "1"
security_result.about.labels.Inode = "inode"
Parser Alerting¶
This product currently does not have any Parser-based Alerting.
Rules¶
Coming Soon