Arcsight Microsoft Windows (CEF)¶
Key facts¶
- MSG Format based filter
- Legacy BSD Format default port 514
Links¶
Ref | Link |
---|---|
Splunk Add-on CEF | https://bitbucket.org/SPLServices/ta-cef-for-splunk/downloads/ |
Splunk Add-on CEF | https://bitbucket.org/SPLServices/ta-cef-microsoft-windows-for-splunk/downloads/ |
Product Manual | https://docs.imperva.com/bundle/cloud-application-security/page/more/log-configuration.htm |
Sourcetypes¶
sourcetype | notes |
---|---|
cef | Common sourcetype |
Source¶
source | notes |
---|---|
CEFEventLog:System or Application Event | Windows Application and System Event Logs |
CEFEventLog:Microsoft Windows | Windows Security Event Logs |
Index Configuration¶
key | source | index | notes |
---|---|---|---|
Microsoft_System or Application Event | CEFEventLog:System or Application Event | oswin | none |
Microsoft_Microsoft Windows | CEFEventLog:Microsoft Windows | oswinsec | none |