Veriato Cerebral¶
About¶
Veriato Cerebral is a an AI-Driven insider threat detection platform as well as robust employee tracking and employee monitoring software. It integrates User & Entity Behavior Analytics (UEBA) with User Activity Monitoring (UAM), allowing rapid Data Breach Response (DBR).
Product Details¶
Vendor URL: Veriato
Product Type: DBR
Product Tier: Tier III
Integration Method: Syslog
Parser Details¶
Log Format: CEF
Expected Normalization Rate: 100%
Data Label: VERIATO_CEREBRAL
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| ActionDescription | security_result.action_details |
| ActiveTime | additional.fields |
| CharacterSet | additional.fields |
| ComputerFriendlyName | principal.asset.hostname |
| DestinationDomain | target.administrative_domain |
| dhost | target.hostname |
| DocAction | security_result.action_details |
| DocDeviceName | target.hostname |
| DocDeviceType | target.asset.category |
| DocExtension | target.file.mime_type |
| DocName | target.file.names |
| DocNewName | target.file.full_path |
| DocPath | target.file.full_path |
| FileSize | target.file.size |
| FocusTime | additional.fields |
| FormattedKeyCount | additional.fields |
| KeyboardLocale | additional.fields |
| OSType | principal.asset.platform_software.platform |
| PrintPageCount | additional.fields |
| shost | principal.hostname |
| sproc | principal.process.file.names |
| srcDnsDomain | principal.administrative_domain |
| suser | principal.user.userid |
| TotalTime | additional.fields |
| TRANS_ID | metadata.product_log_id |
| URL | target.url |
| UserFriendlyName | principal.user.user_display_name |
| WindowCaption | target.resource.name |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| 360_document_tracking - DELETE | FILE_DELETION |
| 360_document_tracking - EDIT | FILE_MODIFICATION |
| 360_document_tracking - RENAME | FILE_MOVE |
| 360_keystroke | USER_RESOURCE_UPDATE_CONTENT |
| 360_programs | PROCESS_LAUNCH |
| 360_url | NETWORK_HTTP |
| 360_user_activity | USER_UNCATEGORIZED |
Log Sample¶
Apr 24 07:37:57 EXAMPLE1234 CEF:0|Veriato|Veriato 360|9.0|12|360_document_tracking|1|rt=4/24/2025 7:37:57 AM TRANS_ID=34679 srcDnsDomain=homeoffice.ex.corp shost=ABCD1234HOST OSTypeID=6 suser=jdoe sproc=explorer DocDeviceType=NETWORK DocDeviceName=tsclient DocAction=EDIT UserFriendlyName=John Doe ComputerFriendlyName=ABCD1234HOST DocPath=\\O\\John Doe\\ DocName=MAIN0905_RSMDB_1234.zip DocExtension=zip PlatformType=Desktop OSType=Windows PrintPageCount=0 FileSize=69621219 DatabaseReceived=4/24/2025 7:40:50 AM TimeZone=Central Standard Time
Sample Parsing¶
additional.fields["PrintPageCount"] = "0"
metadata.event_type = "FILE_MODIFICATION"
metadata.log_type = "VERIATO_CEREBRAL"
metadata.product_event_type = "360_document_tracking"
metadata.product_log_id = "34679"
metadata.product_name = "Veriato 360"
metadata.product_version = "9.0"
metadata.vendor_name = "Veriato"
observer.hostname = "EXAMPLE1234"
principal.administrative_domain = "homeoffice.ex.corp"
principal.asset.hostname = "ABCD1234HOST"
principal.asset.platform_software.platform = "WINDOWS"
principal.hostname = "ABCD1234HOST"
principal.process.file.names = "explorer"
principal.user.user_display_name = "John Doe"
principal.user.userid = "jdoe"
security_result.action_details = "EDIT"
security_result.severity_details = "1"
target.asset.category = "NETWORK"
target.asset.hostname = "tsclient"
target.file.full_path = "\\\\O\\\\John Doe\\\\"
target.file.mime_type = "zip"
target.file.names = "MAIN0905_RSMDB_1234.zip"
target.file.size = 69621219
target.hostname = "tsclient"