
VMware Horizon


About

VMware Horizon enables a digital workspace with the efficient delivery of virtual desktops and applications that equips workers anywhere, anytime, and on any device. With deep integration into the VMware technology ecosystem, the platform offers an agile cloud-ready foundation, modern best-in-class management, and end-to-end security.

Product Details

Vendor URL: VMware Horizon

Product Type: VDI Software

Product Tier: Tier III

Integration Method: Syslog

Integration URL: VMware Horizon

Parser Details

Log Format: Syslog (although JSON may be supported)

Expected Normalization Rate: near 100%

Data Label: VMWARE_HORIZON

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
| --- | --- |
| GENERIC_EVENT | metadata.event_type |
| VMWARE | metadata.vendor_name |
| HORIZON | metadata.product_name |
| EventType | metadata.product_event_type |
| event_message, 'TRUNCATED_LOG' | metadata.description |
| INFORMATIONAL, UNKNOWN_SEVERITY | security_result.severity |
| Severity | security_result.severity_details |
| iporhost | intermediary.hostname |
| UserDisplayName | principal.user.user_display_name |
| ForwardedClientIpAddress | principal.ip |
| asset:DesktopId | target.asset_id |
| SessionType | target.resource.name |
| MachineDnsName | target.hostname |
| ClientIpAddress | target.ip |

Product Event Types

| Event | UDM Event Classification |
| --- | --- |
| all event types | GENERIC_EVENT |

Log Sample

<166>1 2022-02-25T15:09:30.049-07:00 hostname.domain.net View - 1007 [View@6876 Severity="INFO" Module="Agent" EventType="AGENT_CONNECTED" UserSID="S-1-5-21-1229272821-REDACTED-REDACTED-173708" UserDisplayName="DOMAIN\user" DesktopId="GENERIC_HOSTNAME01" DesktopDisplayName="GENERIC_HOSTNAME01" PoolId="redacted pool information" MachineId="4ac691c2-abcd-4e92-b0c5-redacted1234" MachineName="GENERIC_HOSTNAME01" MachineDnsName="hostname.domain.net" SessionType="DESKTOP"] User DOMAIN\user has logged in to a new session on machine GENERIC_HOSTNAME01

Sample Parsing

metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "VMWARE"
metadata.product_name: "HORIZON"
metadata.product_event_type: "AGENT_CONNECTED"
metadata.description: "User DOMAIN\user has logged in to a new session on machine GENERIC_HOSTNAME01"
intermediary.hostname: "hostname.domain.net"
principal.user.user_display_name: "DOMAIN\user"
target.asset_id: "asset:GENERIC_HOSTNAME01"
target.resource.name: "DESKTOP"
target.hostname: "hostname.domain.net"
security_result.severity: INFORMATIONAL
security_result.severity_details: "INFO"
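
The mapping above, reproduced as an added Python example (not the product's parser): it parses the RFC 5424 structured data in the log sample and emits the UDM fields from the mapping table. The function name `parse_horizon`, the rule for when `TRUNCATED_LOG` and `UNKNOWN_SEVERITY` are emitted, and the flat-dict output shape are assumptions made for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID params] MSG
HEADER = re.compile(
    r'^<\d{1,3}>\d+ \S+ (?P<iporhost>\S+) \S+ \S+ \S+ '
    r'\[[^\s\]=]+(?P<params>(?: [^\s=\]]+="(?:[^"\\\]]|\\.)*")*)\] ?(?P<msg>.*)$', re.S)
PARAM = re.compile(r' ([^\s=\]]+)="((?:[^"\\\]]|\\.)*)"')

# Structured-data key -> UDM field, taken from the mapping table on this page.
SD_TO_UDM = {
    "EventType": "metadata.product_event_type",
    "Severity": "security_result.severity_details",
    "UserDisplayName": "principal.user.user_display_name",
    "ForwardedClientIpAddress": "principal.ip",
    "SessionType": "target.resource.name",
    "MachineDnsName": "target.hostname",
    "ClientIpAddress": "target.ip",
}

# The page's log sample, embedded so the example runs offline.
SAMPLE = (
    r'<166>1 2022-02-25T15:09:30.049-07:00 hostname.domain.net View - 1007 '
    r'[View@6876 Severity="INFO" Module="Agent" EventType="AGENT_CONNECTED" '
    r'UserSID="S-1-5-21-1229272821-REDACTED-REDACTED-173708" UserDisplayName="DOMAIN\user" '
    r'DesktopId="GENERIC_HOSTNAME01" DesktopDisplayName="GENERIC_HOSTNAME01" '
    r'PoolId="redacted pool information" MachineId="4ac691c2-abcd-4e92-b0c5-redacted1234" '
    r'MachineName="GENERIC_HOSTNAME01" MachineDnsName="hostname.domain.net" SessionType="DESKTOP"] '
    r'User DOMAIN\user has logged in to a new session on machine GENERIC_HOSTNAME01')

def parse_horizon(line):
    """Map one Horizon syslog line to a flat dict of UDM field -> value."""
    udm = {"metadata.event_type": "GENERIC_EVENT", "metadata.vendor_name": "VMWARE",
           "metadata.product_name": "HORIZON"}
    m = HEADER.match(line.strip())
    if not m:
        # Assumption: a line cut off before the closing "]" is labelled TRUNCATED_LOG.
        udm.update({"metadata.description": "TRUNCATED_LOG",
                    "security_result.severity": "UNKNOWN_SEVERITY"})
        return udm
    # RFC 5424 escapes only '"', '\' and ']' inside values; "DOMAIN\user" stays literal.
    sd = {k: re.sub(r'\\(["\\\]])', r'\1', v) for k, v in PARAM.findall(m["params"])}
    udm["intermediary.hostname"] = m["iporhost"]
    udm["metadata.description"] = m["msg"]
    udm.update({field: sd[key] for key, field in SD_TO_UDM.items() if sd.get(key)})
    if sd.get("DesktopId"):
        udm["target.asset_id"] = "asset:" + sd["DesktopId"]
    # Assumption: only Severity="INFO" maps to INFORMATIONAL; anything else is unknown.
    udm["security_result.severity"] = (
        "INFORMATIONAL" if sd.get("Severity") == "INFO" else "UNKNOWN_SEVERITY")
    return udm
```

Calling `parse_horizon(SAMPLE)` yields the twelve fields listed under Sample Parsing; `principal.ip` and `target.ip` are absent because the sample carries no `ForwardedClientIpAddress` or `ClientIpAddress`.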

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon