About mbrogioni

mbrogioni · 03-19-2020

Hi, we have a Stealthwatch 7 deployed. We send the events to QRadar and in QRadar we receive this kind of log: (...)<110>Mar 04 14:23:01 vap11039 StealthWatch[4925]: LEEF:2.0|Lancope|Stealthwatch|6.8|51|0x7C|src=10.90.7.10|dst=0.0.0.0|dstPort=|proto=...

mbrogioni · 03-20-2020

Thank you, we will lokk in this docs. Thank you.

mbrogioni · 03-20-2020

Yes, but there is something strange. Taking logs in another way (if you need more technical detail I will ask to the collegues) we see this events:(...)<134>LEEF:2.0|Lancope|Stealthwatch|0x7C|src=10.90.5.157|dst=10.91.17.0|dstPort=7680|proto=tcp|msg=...

mbrogioni · 03-19-2020

Okay, but what I don't understand is: if I look in the console I see this flows, I think the flow of the event is the one higlited in red in the attached image. If I am right, for every row in the console there is a log row, right ? Thank you P.S. Wh...

Member Since	‎03-19-2020 02:18 AM
Date Last Visited	‎03-20-2020 12:07 AM
Posts	4

User Statistics

User Activity

Stealthwatch logs missing destination IP, destination port, protocol

Re: Stealthwatch logs missing destination IP, destination port, protocol

Re: Stealthwatch logs missing destination IP, destination port, protocol

Re: Stealthwatch logs missing destination IP, destination port, protocol