Workspot Control¶
About¶
Workspot Control is the admin console IT admins use to provision and manage all their SaaS Cloud PCs and cloud workstations globally.
Product Details¶
Vendor URL: Workspot
Product Type: SaaS
Product Tier: Tier III
Integration Method: API
Integration URL: Workspot Control
Log Guide: Workspot Control Event Logs
Parser Details¶
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: WORKSPOT_CONTROL
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| "Workspot" | metadata.vendor_name |
| "Control" | metadata.product_name |
| description | metadata.description |
| eventType | metadata.product_event_type |
| clientVersion | metadata.product_version |
| hostname | observer.hostname |
| adUser | principal.hostname |
| principal.user.email_addresses | |
| username | principal.user.userid |
| location | principal.location.country_or_region |
| location | principal.location.state |
| network | network.carrier_name |
| duration | network.session_duration.seconds |
| hostname | target.hostname |
| deviceOS | target.asset.software |
| deviceOSVersion | target.platform.version |
| device | additional.fields |
| poolName | additional.fields |
| eventName | security_result.summary |
| severity | security_result.severity |
| severity | security_result.severity_details |
Product Event Types¶
| Product Event | Description | UDM Event |
|---|---|---|
| All | All events | GENERIC_EVENT |
Log Sample¶
{"adUser":"adUser.name","dateTime":"10/07/2022 21:18:02.594","description":"username started connection to desktop hostname in Persistent pool poolname","device":"STANDARD PREMIUM (2 vCPUs, 8GB RAM, 128GB)","email":"username@email.com","eventName":"Connection Start","eventType":"VM Desktop","hostname":"hostname","location":"eastus","poolName":"poolname","severity":"Info","username":"username"}
Sample Parsing¶
metadata.event_timestamp = 1668179186
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Workspot"
metadata.product_name = "Control"
metadata.product_event_type = "VM Desktop"
metadata.description = "username started connection to desktop hostname in Persistent pool poolname"
additional.fields.key = "Pool Name"
additional.fields.value = "poolname"
additional.fields.key = "User Device"
additional.fields.value = "STANDARD PREMIUM (2 vCPUs, 8GB RAM, 128GB)"
principal.hostname = "adUser.name"
principal.user.userid = "username"
principal.user.email_addresses = "username@email.com"
principal.location.country_or_region = "eastus"
observer.hostname = "hostname"
target.hostname = "hostname"
security_result.summary: "Connection Start"
security_result.severity: "INFORMATIONAL"
security_result.severity_details: "Info"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon