Tufin SecureTrack

About
SecureTrack+ is here to make network security less complicated. It gives you the visibility and control you need over your hybrid-cloud networks, helping to simplify policy management and reduce risks. Experience a practical solution that’s built to support your network’s continuous growth and adaptation.
Product Details
Vendor URL: Tufin SecureTrack
Product Type: Policy audit tool
Product Tier: Tier III
Integration Method: Syslog
Log Guide: SecureTrack Audit Trail
Parser Details
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: TTPORTAL_DB38
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Tufin (static) | metadata.vendor_name |
| SecureTrack (static) | metadata.product_name |
| Custom filter | metadata.product_event_type |
| Custom filter | metadata.description |
| Custom filter | observer.hostname |
| Custom filter | principal.user.userid |
| Custom filter | target.hostname |
| Custom filter | target.resource.resource_subtype |
| Custom filter | target.user.userid |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| Rule Export | USER_RESOURCE_UPDATE_CONTENT |
| Session | USER_UNCATEGORIZED |
| Generate | USER_RESOURCE_CREATION |
| View policy | USER_RESOURCE_ACCESS |
| Login | USER_LOGIN |
| all others | GENERIC_EVENT |
Log Sample
<14>Mar 21 11:04:35 hostname1 SecureTrack: Login was done by john_doe., Additional Info: timestamp:2024.03.21 11:04:35 CDT
Sample Parsing
metadata.description = "Login was done by john_doe"
metadata.event_timestamp.seconds = 1711037075
metadata.event_type = "USER_LOGIN"
metadata.product_event_type = "Login"
metadata.product_name = "SecureTrack"
metadata.vendor_name = "Tufin"
observer.hostname = "hostname1"
target.user.userid = "john_doe"
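
The following is an added example, not the production parser: a Python sketch that reproduces the Sample Parsing output above from the Log Sample, useful for checking expected field values when testing detections. The regular expressions, the substring-based event matching, the timezone table, and the names `parse_line`, `EVENT_TYPES`, `TZ_OFFSETS`, `LINE_RE`, `LOGIN_USER_RE` and `SAMPLE` are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Event keyword -> UDM event type, in the order of the Product Event Types table.
# Case-insensitive substring matching is an assumption of this example.
EVENT_TYPES = [
    ("Rule Export", "USER_RESOURCE_UPDATE_CONTENT"),
    ("Session", "USER_UNCATEGORIZED"),
    ("Generate", "USER_RESOURCE_CREATION"),
    ("View policy", "USER_RESOURCE_ACCESS"),
    ("Login", "USER_LOGIN"),
]
# Minimal abbreviation-to-UTC-offset table (assumption); extend as needed.
TZ_OFFSETS = {"UTC": 0, "CST": -6, "CDT": -5}
LINE_RE = re.compile(
    r"^<\d+>\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sSecureTrack:\s"
    r"(?P<desc>.*?)\.?,\sAdditional Info:\stimestamp:"
    r"(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})\s(?P<tz>[A-Z]+)\s*$"
)
LOGIN_USER_RE = re.compile(r"^Login was done by (?P<user>\S+)$")

def parse_line(line):
    """Return a flat dict of UDM fields, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m or m["tz"] not in TZ_OFFSETS:
        return None  # unknown layout or timezone: do not guess a timestamp
    tz = timezone(timedelta(hours=TZ_OFFSETS[m["tz"]]))
    ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S").replace(tzinfo=tz)
    desc = m["desc"]
    product_type, event_type = next(
        ((k, v) for k, v in EVENT_TYPES if k.lower() in desc.lower()),
        (None, "GENERIC_EVENT"))  # "all others" row of the table
    udm = {
        "metadata.vendor_name": "Tufin",
        "metadata.product_name": "SecureTrack",
        "metadata.description": desc,
        "metadata.event_timestamp.seconds": int(ts.timestamp()),
        "metadata.event_type": event_type,
        "observer.hostname": m["host"],
    }
    if product_type:
        udm["metadata.product_event_type"] = product_type
    user = LOGIN_USER_RE.match(desc)
    if user:
        udm["target.user.userid"] = user["user"]
    return udm

# Log sample copied from this page.
SAMPLE = "<14>Mar 21 11:04:35 hostname1 SecureTrack: Login was done by john_doe., Additional Info: timestamp:2024.03.21 11:04:35 CDT"
```

The event timestamp is taken from the `Additional Info` field rather than the syslog header, since only that field carries a year and timezone.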