Stealth Intercept

Key facts

  • Legacy BSD Format default port 514

| Ref | Link |
|---|---|
| Splunk Add-on | |
| Product Manual | unknown |


| sourcetype | notes |
|---|---|
| StealthINTERCEPT:alerts | SC4S format shifts to JSON; override the template to t_msg_hdr for the original raw message |

Sourcetype and Index Configuration

| key | sourcetype | index | notes |
|---|---|---|---|
| stealthbits_stealthintercept | StealthINTERCEPT | netids | none |
| stealthbits_stealthintercept_alerts | StealthINTERCEPT:alerts | netids | Note: the TA does not support this source type |