Skip to content

WTI Console Server

WTI Console Server

About

WTI is an industry leader in out-of-band network management dedicated to developing solutions that solve problems on the worlds most advanced networks.

Product Details

Vendor URL: WTI Console Server

Product Type: Remote Management

Product Tier: Tier III

Integration Method: Syslog

Integration URL: WTI Console Server

Parser Details

Log Format: Syslog

Expected Normalization Rate: near 100%

Data Label: WTI_CONSOLE_SERVERS

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
"GENERIC_EVENT" metadata.event_type
"WTI" metadata.vendor_name
"CONSOLE SERVER" metadata.product_name
action metadata.product_event_type
srcIp principal.ip
srcPort principal.port
username principal.user.userid
dvc intermediary.hostname
asset:serialNum intermediary.asset_id
process.pid intermediary.pid
proto network.application_protocol
"BLOCK" security_result.action
"AUTH_VIOLATION" security_result.category
description security_result.description
action security_result.summary

Product Event Types

Event UDM Event Classification
all event types GENERIC_EVENT

Log Sample

278 <38>1 2022-02-21T23:53:07+00:00 SERVERNAME sshd 31000 - [meta sequenceId="137051" vendorId="COMPANY" enterpriseId="1111.1.1.0" assetTag="" serialNum="012345678901371"] DSM:SERVERNAME / COMPANY, (AUTHPRIV LOG) USER/SOURCE: sshd - Failed password for root from 10.1.2.3 port 51145 ssh2

Sample Parsing

event_timestamp
metadata.event_type= GENERIC_EVENT
metadata.vendor_name= "WTI"
metadata.product_name= "CONSOLE SERVER"
metadata.product_event_type= "Failed password"
principal.user.userid= "root"
principal.ip= "10.1.2.3"
principal.port= 51145
intermediary.hostname= "SERVERNAME"
intermediary.asset_id= "asset:012345678901371"
intermediary.process.pid= "31000"
security_result.category= AUTH_VIOLATION
security_result.summary= "Failed password"
security_result.description= "Failed password for invalid user dada from 10.1.2.3 port 51145 ssh2"
security_result.action= BLOCK
network.application_protocol= SSH

Parser Alerting

This product currently does not have any Parser-based Alerting