Hi,

I'm struggling with the integration of the Cisco Ironport eMail Security Appliance as a UEBA source.

The LogPoint documentation - Data Sources For UEBA — UEBA Guide latest documentation (logpoint.com) - indicates the ESA is supported.

The corresponding UEBA matching query is:

device_category=Email* sAMAccountName=* receiver=* datasize=* | fields,log_ts,sender,receiver,userPrincipalName,sAMAccountName,datasize,subject,status,file,file_count

The ESA never sends a combination of receiver and datasize. The ESA only logs a combination of sender and datasize. The ESA's sender & receiver logs are linked only via the MID “message_identifier”.

Has anyone seen or done this integration with Cisco's ESA and UEBA? Is it running in the correct way?

Thanks.
BR
Johann

Does anyone have some examples of the models that are used for the “Active Directory Authentication” data source? For example, does this depend on certain Event IDs being present in the logs, and if so how do they map to the models?