Swift Alliance Messaging Hub

Product Name: Swift Alliance Messaging Hub

About

Alliance Messaging Hub (AMH) is a modular, multi-network, financial messaging solution. Fully customisable and highly resilient, it uses the latest technology to manage messages and files for various networks in parallel, providing extensive throughput and sophisticated data management.

Product Details

Vendor URL: Swift Alliance Messaging Hub

Product Type: financial messaging solution

Product Tier: Tier III

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 100%

Data Label: SWIFT_AMH

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field        UDM Field
custom logic          metadata.event_type
cn1                   metadata.product_log_id
static                metadata.product_name
custom filter         metadata.product_version
cat                   metadata.product_event_type
static                metadata.vendor_name
custom filter         observer.hostname
custom filter         observer.ip
dvchost               principal.asset.hostname
dvc                   principal.asset.ip
dvcmac                principal.asset.mac
cs1                   principal.asset.product_object_id
dvchost               principal.hostname
dvc                   principal.ip
dvcmac                principal.mac
deviceProcessName     principal.process.file.names
custom logic          security_result.category_details
custom filter         target.hostname
custom filter         target.ip
custom filter         target.port
custom filter         target.url
suid                  target.user.userid

Product Event Types

Event                                       UDM Event Classification
LdapProxy connection, Connection to host    NETWORK_CONNECTION
signed on                                   USER_LOGIN
signed off                                  USER_LOGOUT
All Others                                  GENERIC_EVENT

Log Sample

Oct 10 17:57:49 hostname1 process_name: CEF:0|SWIFT|Alliance Access|7.6.52|AAA-1000|Signoff|Low|cn1=11112222111 cn1Label=Event Sequence ID cn2=0 cn2Label=Is Alarm cs1=aaaaaa1-a382-2223-81v3-c3c16f155555 cs1Label=Instance UUID cs2=aaee00c0-7c8a-421c-a6ec-22414fa0d0bc cs2Label=Correlation ID cs4=aaalNGVleQ6Ku2u3WfaaaNHLR0LGm111x+i6NMNgp2naa cs4Label=Session ID cs5=Security cs5Label=Event Type cat=Operator msg=Operator username1 : signed off from the terminal '10.0.0.1'. suid=username1 dvchost=hostname1 dvc=10.0.0.2 dvcmac=00:a0:e6:cf:0a:2d deviceProcessName=process_name src=10.0.0.1 dtz=America/New_York rt=1665439069000

Sample Parsing

metadata.event_type = "USER_LOGOUT"
metadata.vendor_name = "Swift"
metadata.product_name = "Alliance Web Platform"
metadata.product_version = "7.6.52"
metadata.product_event_type = "Operator"
principal.hostname = "hostname1"
principal.process.file.names = "process_name"
principal.ip = "10.0.0.2"
principal.mac = "00:a0:e6:cf:0a:2d"
principal.asset.product_object_id = "aaaaaa1-a382-2223-81v3-c3c16f155555"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.0.0.2"
principal.asset.mac = "00:a0:e6:cf:0a:2d"
target.user.userid = "username1"
target.ip = "10.0.0.1"
target.asset.ip = "10.0.0.1"
observer.hostname = "hostname1"
security_result.category_details = "Signoff"
security_result.description = "Operator username1 : signed off from the terminal '10.0.0.1'."
security_result.severity = "LOW"
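
The field table, the event-type table and the sample above describe one mapping; the following Python is an added example (not the vendor's parser and not the product's own code) that splits the syslog-wrapped CEF record and applies that mapping. The embedded sample line is a trimmed copy of the page's log sample; the choices of syslog host for observer.hostname and src for target.ip are assumptions about what the "custom filter" entries read.

```python
import re

SAMPLE = (  # constructed test input: the page's Log Sample, with some extension keys trimmed
    "Oct 10 17:57:49 hostname1 process_name: CEF:0|SWIFT|Alliance Access|7.6.52|AAA-1000|Signoff|Low|"
    "cn1=11112222111 cn1Label=Event Sequence ID cs1=aaaaaa1-a382-2223-81v3-c3c16f155555 cs1Label=Instance UUID "
    "cat=Operator msg=Operator username1 : signed off from the terminal '10.0.0.1'. suid=username1 "
    "dvchost=hostname1 dvc=10.0.0.2 dvcmac=00:a0:e6:cf:0a:2d deviceProcessName=process_name src=10.0.0.1 rt=1665439069000"
)
SYSLOG_RE = re.compile(r"^\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(?P<host>\S+)\s+\S+?:\s+(?P<cef>CEF:.*)$")
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # a value may contain spaces; it runs to the next "key=" or EOL
HEADER = ("cef_version", "vendor", "product", "product_version", "sig_id", "name", "severity")

def split_cef(cef):
    """Split the 7 pipe-delimited header fields ('\\|' is an escaped pipe) and the key=value extension."""
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return dict(zip(HEADER, parts[:7])), dict(EXT_RE.findall(parts[7]))

def classify(msg):
    """Custom event_type logic from the page's Product Event Types table."""
    m = msg.lower()
    if "ldapproxy connection" in m or "connection to host" in m:
        return "NETWORK_CONNECTION"
    if "signed on" in m:
        return "USER_LOGIN"
    if "signed off" in m:
        return "USER_LOGOUT"
    return "GENERIC_EVENT"

def parse_to_udm(line):
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog-wrapped CEF line")
    header, ext = split_cef(m.group("cef"))
    udm = {
        "metadata.event_type": classify(ext.get("msg", "")),
        "metadata.product_log_id": ext.get("cn1"),
        "metadata.product_name": "Alliance Web Platform",  # static, as in the page's sample parse
        "metadata.product_version": header["product_version"],
        "metadata.product_event_type": ext.get("cat"),
        "metadata.vendor_name": "Swift",  # static
        "observer.hostname": m.group("host"),  # assumption: taken from the syslog header
        "principal.hostname": ext.get("dvchost"), "principal.ip": ext.get("dvc"), "principal.mac": ext.get("dvcmac"),
        "principal.asset.product_object_id": ext.get("cs1"), "principal.process.file.names": ext.get("deviceProcessName"),
        "target.user.userid": ext.get("suid"), "target.ip": ext.get("src"),  # assumption: 'custom filter' reads src
        "security_result.category_details": header["name"], "security_result.description": ext.get("msg"),
        "security_result.severity": header["severity"].upper(),
    }
    return {k: v for k, v in udm.items() if v is not None}  # unset fields are dropped, not emitted as None
```

Running parse_to_udm(SAMPLE) reproduces the Sample Parsing values above; a msg that matches none of the table's phrases falls through to GENERIC_EVENT, which is worth checking when onboarding a new AMH message type.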

Parser Alerting

No parser-based alerting exists.

Rules

Coming Soon