TUFIN

About
Tufin is a network security policy management company that provides software for automating security policy changes across complex hybrid, multi-cloud, and physical networks. Its main offering, the Tufin Orchestration Suite, helps organizations maintain a robust security posture while increasing business agility.
Product Details
Vendor URL: Tufin - The Security Policy Company
Product Type: Security Auditing, Policy Management and Orchestration
Product Tier: Tier III
Integration Method: Syslog
Parser Details
Log Format: SYSLOG, JSON
Expected Normalization Rate: 100%
Data Label: TUFIN
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| time | metadata.event_timestamp |
| level | security_result.severity_details |
| msg | metadata.description |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| proxy - event | NETWORK_CONNECTION |
| all others | GENERIC_EVENT |
Log Sample
<30>Oct 8 09:02:40 test.localhost test[1500]: time="2025-10-08T09:02:40-07:00" level=warning msg="Proxy error: write failed: write tcp 127.0.0.1:6443->127.0.0.1:47550: write: connection reset by peer"
Sample Parsing
metadata.event_timestamp = "2025-10-08T09:02:40Z"
observer.hostname = "test.localhost"
metadata.event_type = "NETWORK_CONNECTION"
metadata.vendor_name = "TUFIN"
metadata.product_name = "TUFIN"
metadata.description = "connection reset by peer"
security_result.description = "Proxy error"
security_result.severity_details = "warning"
security_result.action = "BLOCK"
about.labels.key = "operation"
about.labels.value = "write"
network.ip_protocol = "TCP"
principal.ip = "127.0.0.1"
principal.port = 6443
target.ip = "127.0.0.1"
target.port = 47550
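As an added example (not Tufin's or the parser's own code), the following Python reproduces the mapping above on the page's Log Sample: it splits the RFC 3164 header from the key=value body, maps time/level/msg to the UDM fields in the table, and for the proxy-error message shape fills the NETWORK_CONNECTION fields shown under Sample Parsing. The message regex and the BLOCK action are assumptions drawn from this single sample, and the timestamp is normalised to UTC, so the -07:00 offset yields 16:02:40Z rather than being discarded.

```python
import re
from datetime import datetime, timezone
# Constructed input: the page's Log Sample line, embedded so the parser runs offline.
SAMPLE = ('<30>Oct 8 09:02:40 test.localhost test[1500]: time="2025-10-08T09:02:40-07:00" '
          'level=warning msg="Proxy error: write failed: write tcp '
          '127.0.0.1:6443->127.0.0.1:47550: write: connection reset by peer"')

# RFC 3164 header "<PRI>MMM d HH:MM:SS host app[pid]: body", then logfmt-style key=value pairs
SYSLOG_RE = re.compile(r'^<\d{1,3}>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d '
                       r'(?P<host>\S+) [^\[\s:]+(?:\[\d+\])?: (?P<body>.*)$')
KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')  # quoted (with escapes) or bare value
# Assumed proxy-error shape from the sample: "Proxy error: <op> failed: <op> tcp src->dst: <op>: <reason>"
PROXY_RE = re.compile(r'^(?P<desc>Proxy error): (?P<op>\w+) failed: \w+ (?P<proto>tcp|udp) '
                      r'(?P<sip>[\d.]+):(?P<sport>\d+)->(?P<dip>[\d.]+):(?P<dport>\d+): \w+: (?P<reason>.+)$')

def parse_kv(body):
    """Return the body's key=value pairs; findall yields (key, quoted, bare) with one of the two set."""
    return {k: q or b for k, q, b in KV_RE.findall(body)}

def to_udm(line):
    """Map one Tufin syslog line onto the UDM fields listed in the page's tables."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("line is not RFC 3164 syslog")
    kv = parse_kv(m["body"])
    udm = {"metadata.vendor_name": "TUFIN", "metadata.product_name": "TUFIN",
           "metadata.event_type": "GENERIC_EVENT",  # default from the Product Event Types table
           "observer.hostname": m["host"]}
    if "time" in kv:  # keep the -07:00 offset and normalise to UTC instead of discarding it
        ts = datetime.fromisoformat(kv["time"]).astimezone(timezone.utc)
        udm["metadata.event_timestamp"] = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    if "level" in kv:
        udm["security_result.severity_details"] = kv["level"]
    if "msg" in kv:
        udm["metadata.description"] = kv["msg"]
    pm = PROXY_RE.match(kv.get("msg", ""))
    if pm:  # proxy event: promote to NETWORK_CONNECTION and fill the connection tuple
        udm.update({"metadata.event_type": "NETWORK_CONNECTION",
                    "metadata.description": pm["reason"],
                    "security_result.description": pm["desc"],
                    "security_result.action": "BLOCK",  # assumed, mirroring Sample Parsing
                    "about.labels": [{"key": "operation", "value": pm["op"]}],
                    "network.ip_protocol": pm["proto"].upper(),
                    "principal.ip": pm["sip"], "principal.port": int(pm["sport"]),
                    "target.ip": pm["dip"], "target.port": int(pm["dport"])})
    return udm

if __name__ == "__main__":
    print(*(f"{k} = {v!r}" for k, v in to_udm(SAMPLE).items()), sep="\n")
```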