Voltage
About
Voltage solutions discover, analyze, and protect sensitive structured and unstructured data. They reduce breach risk and enable data usability with privacy across hybrid IT.
Product Details
Vendor URL: Voltage Data Privacy and Protection - Micro Focus
Product Type: OS
Product Tier: Tier III
Integration Method: Custom
Integration URL: N/A
Log Guide: N/A
Parser Details
Log Format: Syslog
Expected Normalization Rate: 75%
Data Label: VOLTAGE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
vendor | metadata.vendor_name |
product | metadata.product_name |
version | metadata.product_version |
GENERIC_EVENT | metadata.event_type |
application | principal.application |
file_name | src.file.full_path |
command | principal.process.command_line |
src | principal.hostname |
src | principal.ip |
dst | target.hostname |
dst | target.ip |
dhost | target.hostname |
dhost | target.ip |
shost | principal.hostname |
shost | principal.ip |
suser | principal.user.userid |
summary | security_result.summary |
observer | observer.hostname |
observer | observer.ip |
ALLOW/BLOCK | security_result.action |
INFORMATIONAL/LOW/MEDIUM/HIGH | security_result.severity |
product_event | metadata.product_event_type |
log_data | metadata.description |
Product Event Types
type,subtype | severity | UDM Event Classification | alerting enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Log Sample
<85>Dec 16 17:09:18 SERVERNAME sudo: ngc-svc : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/nagios/libexec/check_wm_wrapper -c check_disk -a -e -w 25% -c 10% -x /
Sample Parsing
metadata.event_timestamp = "2021-12-16T17:09:18Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "VOLTAGE"
metadata.product_event_type = "sudo"
metadata.description = "ngc-svc : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/nagios/libexec/check_wm_wrapper -c check_disk -a -e -w 25% -c 10% -x /"
metadata.ingested_timestamp = "2021-12-16T17:09:23.301747Z"
principal.user.userid = "root"
principal.process.command_line = "/usr/local/nagios/libexec/check_wm_wrapper -c check_disk -a -e -w 25% -c 10% -x /"
principal.namespace = "COMPANYNAME"
src.file.full_path = "/"
src.namespace = "COMPANYNAME"
observer.hostname = "SERVERNAME"
observer.namespace = "COMPANYNAME"
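The mapping above can be reproduced with a short script. This is an added example, not the product's parser: `parse_line`, its `year` argument, the UTC assumption, and the extra `invoking_user` key are assumptions made here, and the namespace and ingestion-timestamp fields are left out because they are set at ingestion time. It also surfaces the account that ran sudo (`ngc-svc`), which the sample output keeps only inside metadata.description while principal.user.userid holds the USER= value.

```python
import re
from datetime import datetime, timezone

# Log sample from this page. The line carries no year or time zone.
SAMPLE = ("<85>Dec 16 17:09:18 SERVERNAME sudo: ngc-svc : TTY=unknown ; PWD=/ ; "
          "USER=root ; COMMAND=/usr/local/nagios/libexec/check_wm_wrapper "
          "-c check_disk -a -e -w 25% -c 10% -x /")

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s\[]+)(?:\[\d+\])?: (?P<msg>.*)$")

def parse_line(line, year):
    """Map one syslog line to the UDM fields shown in Sample Parsing.

    Assumptions: `year` is supplied by the caller and the timestamp is UTC.
    Returns None for lines that do not match the syslog header.
    """
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    udm = {
        "metadata.event_timestamp":
            ts.replace(tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "metadata.event_type": "GENERIC_EVENT",  # the page's only event type
        "metadata.vendor_name": "VOLTAGE",
        "metadata.product_event_type": m["tag"],
        "metadata.description": m["msg"],
        "observer.hostname": m["host"],
    }
    invoker, sep, rest = m["msg"].partition(" : ")
    if m["tag"] != "sudo" or not sep:
        return udm  # non-sudo lines keep only the generic fields
    # COMMAND= is the last field and its value may itself contain " ; ",
    # so cut it off before splitting the remaining KEY=value pairs.
    head, has_cmd, command = rest.partition("COMMAND=")
    kv = dict(p.strip().split("=", 1) for p in head.split(" ; ") if "=" in p)
    if "USER" in kv:
        udm["principal.user.userid"] = kv["USER"]
    if "PWD" in kv:
        udm["src.file.full_path"] = kv["PWD"]
    if has_cmd:
        udm["principal.process.command_line"] = command
    # Hypothetical key, not a UDM field and not in the page's mapping: the
    # account that ran sudo, which the sample keeps only in the description.
    udm["invoking_user"] = invoker.strip()
    return udm
```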
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon