McAfee ePolicy Orchestrator
Constructor : Mcafee
Product : ePolicy Orchestrator
Log format : splunk
Structured log message:
AutoID=60757851 signature="Protection standard commune:Empecher l'arret des processus McAfee signature_id=1092 category=hip.file severity_id=5 event_description="Access Protection rule violation detected and blockedC:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\VSTSKMGR.EXE" detection_method=OAS action=NT AUTHORITY\SYSTEM" user=N/A dest_nt_domain=EU dest_dns=FRT dest_nt_host=FR fqdn=FRD.eu dest_ip=10.10.11.12 dest_netmask= dest_mac=0000CC216f3b os= os_version=5.2 os_build=3790 timezone= src_dns=_ src_ip=10.1.2.3 src_mac= process="C:\PROGRAM FILES\EMC\NAVISPHERE AGENT\NAVIAGENT.EXE" url= logon_user_1= is_laptop=0 product= product_version=8.8 engine_version= dat_version= vse_dat_version=8040.0000 vse_engine64_version=N/A vse_engine_version=5800.7501 vse_hotfix=6 vse_product_version=8.8.0.1445 vse_sp=
Log format : csv
CSV log message:
2105984;6902F367-093D-4CDC-B70F-CB81331BE718;SERV1;2015-02-21 19:39:15.550;2015-02-21 19:38:31.000;8D2F0EF2-3352-486A-9670-787D8CB97994;VIRUSCAN8800;VirusScan Enterprise;8.8;D305967;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;7718.0000;5700.7163;(managed) Weekly Scan Virusscan Enterprise 8.8.0;_;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;NULL;NULL;NULL;D305967;10.10.10.10 ;0x00000000000000000000FFFF90100541;NULL;SYSTEM;NULL;NULL;NULL;c:tempbackup_backupdiskebooks.zip70-271_70-272_MCDST_Study_Guide_and_Transcender_Exams.rartranscenderengine v3.5 Patch.exetranscenderengine v3.5 Patch.exe;av.pup;21280;1;Tool-TPatch;app_pua;deleted;1;0x0000000002E86EEF
Constructor field | LMC field |
---|---|
[src_dns] | [init][host][name] |
[src_ip] | [init][host][ip] |
[src_mac] | [init][host][mac] |
[source_logon_user] | [init][usr][name] |
[process] | [init][process][name] |
[dest_dns] | [target][host][name] |
[dest_ip] | [target][host][ip] |
[dest_mac] | [target][host][mac] |
[dest_netmask] | [target][host][net] |
[logon_user] | [target][usr][name] |
[signature_id] | [alarm][name] |
[severity_id] | [alarm][sev] |
[timestamp] | [mcafee][epo][received_utc] |
[product] | [mcafee][epo][analyzer_name] |
[product_version] | [mcafee][epo][analyzer_version] |
[dat_version] | [mcafee][epo][analyzer_dat_version] |
[engine_version] | [mcafee][epo][analyzer_engine_version] |
[detection_method] | [mcafee][epo][analyzer_detection_method] |
[url] | [mcafee][epo][source_url] |
[file_name] | [mcafee][epo][target_filename] |
[category] | [mcafee][epo][threat_category] |
[signature] | [mcafee][epo][threat_name] |
[threat_type] | [mcafee][epo][threat_type] |
[action] | [mcafee][epo][threat_action_taken] |
[threat_handled] | [mcafee][epo][threat_handled] |
[event_description] | [mcafee][epo][description] |
[dest_nt_domain] | [mcafee][epo][computer][nt_domain] |
[fqdn] | [mcafee][epo][computer][fqdn] |
[is_laptop] | [mcafee][epo][computer][is_laptop] |
[os] | [mcafee][epo][computer][os_type] |
[os_build] | [mcafee][epo][computer][os_build] |
[os_version] | [mcafee][epo][computer][os_version] |
[sp] | [mcafee][epo][computer][os_sp] |
[timezone] | [mcafee][epo][computer][timezone] |
[user] | [mcafee][epo][computer][user] |
[vse_dat_version] | [mcafee][epo][vse][dat_version] |
[vse_engine64_version] | [mcafee][epo][vse][engine64_version] |
[vse_engine_version] | [mcafee][epo][vse][engine_version] |
[vse_hotfix] | [mcafee][epo][vse][hotfix] |
[vse_product_version] | [mcafee][epo][vse][product_version] |
[vse_sp] | [mcafee][epo][vse][sp] |
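The splunk-format message and the field table above, as an added worked example (not the parser's own code): it splits one key=value line, honouring quoted values that contain spaces and backslashes, and places each mapped value under the nested LMC path from the table. The FIELD_MAP subset, the constructed sample line and the rule that empty values are dropped are assumptions of this example.

```python
import re

# Subset of the page's "Constructor field -> LMC field" table, as nested key paths (assumed subset).
FIELD_MAP = {
    "src_dns": ("init", "host", "name"),
    "src_ip": ("init", "host", "ip"),
    "src_mac": ("init", "host", "mac"),
    "process": ("init", "process", "name"),
    "dest_ip": ("target", "host", "ip"),
    "signature_id": ("alarm", "name"),
    "severity_id": ("alarm", "sev"),
    "signature": ("mcafee", "epo", "threat_name"),
    "action": ("mcafee", "epo", "threat_action_taken"),
    "vse_dat_version": ("mcafee", "epo", "vse", "dat_version"),
}

# key=value pairs: a value is either "quoted" (spaces, backslashes and \" allowed) or bare (possibly empty).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_kv(line):
    fields = {}
    for key, raw in KV_RE.findall(line):
        if raw.startswith('"'):
            raw = raw[1:-1].replace('\\"', '"')  # strip quotes, unescape embedded quotes
        fields[key] = raw
    return fields

def to_lmc(fields):
    event = {}
    for key, value in fields.items():
        path = FIELD_MAP.get(key)
        if path is None or value == "":  # unmapped keys and empty values are dropped (assumption)
            continue
        node = event
        for part in path[:-1]:
            node = node.setdefault(part, {})
        node[path[-1]] = value
    return event

# Constructed, well-formed sample modelled on the page's message (not the page's exact line).
SAMPLE = (
    'AutoID=60757851 signature="Protection standard commune: Empecher l\'arret des processus McAfee" '
    'signature_id=1092 category=hip.file severity_id=5 '
    'event_description="Access Protection rule violation detected and blocked" '
    'detection_method=OAS action="NT AUTHORITY\\SYSTEM" user=N/A dest_dns=FRT dest_ip=10.10.11.12 '
    'dest_netmask= os= os_version=5.2 src_dns=_ src_ip=10.1.2.3 src_mac= '
    'process="C:\\PROGRAM FILES\\EMC\\NAVISPHERE AGENT\\NAVIAGENT.EXE" vse_dat_version=8040.0000'
)
```

Note that the page's own splunk sample has unbalanced quoting (the value opened at signature= is not closed before signature_id=), so on that exact line the regex would swallow the following pairs into the signature value; a production parser needs a fallback for such malformed records.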
Unit Test List
unit_csv_1034.json unit_csv_1092.json unit_csv_1119.json unit_csv_21401.json unit_csv_1035.json unit_csv_1094.json unit_csv_21027.json unit_splunk.json unit_csv_1027.json unit_csv_1038.json unit_csv_1095.json unit_csv_21280.json