Venafi
About
Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, code signing, mobile and SSH. Venafi provides global visibility of machine identities and their associated risks for the extended enterprise—on premises, mobile, virtual, cloud and IoT.
Product Details
Vendor URL: Venafi
Product Type: Certificate Management
Product Tier: Tier II
Integration Method: Venafi Syslog Forwarding
Integration URL: Cyderes Syslog Ingestion
Parser Details
Log Format: CEF
Expected Normalization Rate: 90%
Data Label: VENAFI
UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
|---|---|
| custom filter | metadata.event_timestamp |
| CEF Description | metadata.product_event_type |
| CEF Product | metadata.product_name |
| CEF Version | metadata.product_version |
| CEF Vendor | metadata.vendor_name |
| Custom filter | observer.ip |
| cat | security_result.about.file.full_path |
| CEF Event ID | security_result.rule_id |
| CEF Severity | security_result.severity |
| msg | security_result.summary |
Product Event Types

| Product Event | Description | UDM Event |
|---|---|---|
| All | All events | GENERIC_EVENT |
Log Sample
Oct 24 14:14:21 10.0.0.1 CEF:0|Venafi|TPP|20.4|0x000e0009|Venafi Platform - Venafi Trust Protection Platform Heartbeat|Low|cat=\\VED\\Engines\\HOSTNAME1 msg=The Venafi Trust Protection Platform service manager for the engine HOSTNAME1 is operating.
Sample Parsing
metadata.event_timestamp: "Mon, 24 Oct 2022 14:14:21 GMT"
metadata.event_type: "GENERIC EVENT"
metadata.vendor_name: "Venafi"
metadata.product_name: "TPP"
metadata.product_version: "20.4"
metadata.product_event_type: "Venafi Platform - Venafi Trust Protection Platform Heartbeat"
observer.ip: "10.0.0.1"
security_result.about.file.full_path: "\\VED\\Engines\\HOSTNAME1"
security_result.rule_id: "000e0009"
security_result.summary: "The Venafi Trust Protection Platform service manager for the engine HOSTNAME1 is operating."
security_result.severity: "LOW"
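The mapping shown above can be reproduced in a few lines of Python. The code below is an added illustration, not the Cyderes parser or any Venafi code; it assumes the syslog year is 2022 (syslog timestamps carry no year), that the `0x` prefix is dropped from the CEF Event ID, and that severity is upper-cased, all of which is inferred from the sample rather than documented behaviour.

```python
import re
from datetime import datetime

# Constructed copy of the page's sample line; not a live Venafi TPP feed.
SAMPLE = (
    "Oct 24 14:14:21 10.0.0.1 CEF:0|Venafi|TPP|20.4|0x000e0009|"
    "Venafi Platform - Venafi Trust Protection Platform Heartbeat|Low|"
    r"cat=\\VED\\Engines\\HOSTNAME1 msg=The Venafi Trust Protection Platform "
    "service manager for the engine HOSTNAME1 is operating."
)

# Syslog prefix: "<Mon DD HH:MM:SS> <host> CEF:<version>|..."
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(\S+)\s(CEF:\d+\|.*)$")
# Extension "key=value" pairs; a value runs until the next " key=" or end of line.
EXT_KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)", re.DOTALL)


def _unescape(value):
    # Reverse CEF escaping: "\\" -> "\", "\=" -> "=", "\|" -> "|".
    return re.sub(r"\\([\\=|])", r"\1", value)


def parse_venafi_cef(line, year=2022):
    """Map one syslog-wrapped Venafi CEF line to the UDM fields listed above.
    Returns None for lines that are not CEF (these count against the normalization rate)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp, host, cef = m.groups()
    # Seven header fields follow the CEF:<version> token; the eighth part is the extension.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) != 8:
        return None
    _, vendor, product, version, sig_id, name, severity, ext = parts
    ext_fields = {k: _unescape(v) for k, v in EXT_KV_RE.findall(ext)}
    # Assumption: the year is supplied by the caller (the page's sample resolves to 2022).
    ts = datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")
    return {
        "metadata.event_timestamp": ts.strftime("%a, %d %b %Y %H:%M:%S GMT"),
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": _unescape(vendor),
        "metadata.product_name": _unescape(product),
        "metadata.product_version": _unescape(version),
        "metadata.product_event_type": _unescape(name),
        "observer.ip": host,
        "security_result.about.file.full_path": ext_fields.get("cat"),
        "security_result.rule_id": sig_id[2:] if sig_id.lower().startswith("0x") else sig_id,
        "security_result.summary": ext_fields.get("msg"),
        "security_result.severity": severity.upper(),
    }
```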
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon