Complete the following steps to configure the Malwarebytes AntiVirus connection:

Select a Windows endpoint that will send logs to a syslog server.

IP Address/Host: IP or hostname of your Syslog server (RIN).
Port: Port you have specified on your Syslog server (514).
Protocol: Select either TCP or UDP protocol.
Severity: Choose a Severity from the list. This determines the Severity of all Malwarebytes events sent to Syslog.
Communication Interval (Minutes): Specify the interval. Default is 5 mins.

Following is an example of a Syslog entry generated by Malwarebytes in raw CEF format. The tables below detail the Syslog prefix values, CEF headers, and extensions used in the example.

MININT-16Tjdoe CEF:0|Malwarebytes|Malwarebytes Endpoint Protection|Endpoint Protection 1.2.0.719|Detection|Website blocked|1|deviceExternalId=e150291a2b2513b9fd67941ab1135afa41111111 dvchost=MININT-16Tjdoe deviceDnsDomain=jdoeTest.local dvcmac=00:0C:29:33:C6:6A dvc=192.168.2.100 rt=21:05:56 Z fileType=OutboundConnection cat=Website act=blocked msg=Website blocked
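To show how the sample Syslog entry on this page breaks down into its Syslog prefix, CEF header fields and extensions, here is an added example (not Malwarebytes code). The names `parse_cef`, `_unescape` and `HEADER_FIELDS` are hypothetical. The parser keeps values that contain spaces, such as `rt=21:05:56 Z` and `msg=Website blocked`, which a naive split on whitespace would truncate.

```python
import re

# The sample entry from this page: syslog prefix (hostname), then the CEF record.
SAMPLE = (
    "MININT-16Tjdoe CEF:0|Malwarebytes|Malwarebytes Endpoint Protection|"
    "Endpoint Protection 1.2.0.719|Detection|Website blocked|1|"
    "deviceExternalId=e150291a2b2513b9fd67941ab1135afa41111111 "
    "dvchost=MININT-16Tjdoe deviceDnsDomain=jdoeTest.local "
    "dvcmac=00:0C:29:33:C6:6A dvc=192.168.2.100 rt=21:05:56 Z "
    "fileType=OutboundConnection cat=Website act=blocked msg=Website blocked"
)

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# An extension key is a word at the start or after whitespace, directly before '='.
# An escaped '\=' inside a value never matches, because '\' is not a word character.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def _unescape(value, header=False):
    # CEF escapes with a backslash: pipe and backslash in the header,
    # equals sign and backslash in extension values.
    specials = "|\\" if header else "=\\"
    return re.sub(r"\\([%s])" % re.escape(specials), r"\1", value)


def parse_cef(line):
    """Hypothetical helper: split one syslog line into CEF header fields and extensions."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    # Split on unescaped pipes only; the 8th part is the extension string.
    # Simplification: a header field ending in an escaped backslash is not handled.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = {k: _unescape(v, header=True) for k, v in zip(HEADER_FIELDS, parts)}
    event["syslog_prefix"] = line[:start].strip()
    ext, keys = parts[7], list(KEY_RE.finditer(parts[7]))
    event["extensions"] = {}
    # Each value runs to the start of the next key, so spaces inside it survive.
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event["extensions"][m.group(1)] = _unescape(ext[m.end():end].strip())
    return event


if __name__ == "__main__":
    for key, value in parse_cef(SAMPLE)["extensions"].items():
        print(f"{key:18} {value}")
```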