The RSA Live Content team has published updates for the 15 Log Parsers that generate the largest number of "Unknown Message Defect" support cases.
These enhancements are part of a strategic initiative to drive improvements to Log Parsers.
Benefits from these improvements result in:
To take advantage of these improvements you will need to download the latest versions of the parsers listed below from the Live Portal.
| S.No. | Event Source | Log Parser | Improvements |
|---|---|---|---|
| 1 | Microsoft Windows using Event Collection | winevent_nic | This parser can now identify all Windows Security, System and Application log events. Note: Application channel events are parsed with the standard fields needed for basic analytics; some applications are parsed in more detail for specific use cases. |
| 2 | Microsoft Windows using Adiscon Event Reporter | winevent_er | This parser can now identify all Windows Security, System and Application log events. Note: Application channel events are parsed with the standard fields needed for basic analytics; some applications are parsed in more detail for specific use cases. |
| 3 | Microsoft Windows using Intersect Alliance Snare | winevent_snare | This parser can now identify all Windows Security, System and Application log events. Note: Application channel events are parsed with the standard fields needed for basic analytics; some applications are parsed in more detail for specific use cases. |
| 4 | FireEye Web Malware Protection System | fireeyewebmps | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 5 | McAfee Network Security Platform | intrushield | Certain types of events generated by this event source have a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 6 | Voltage Secure Data | voltagesecuredata | This parser has been redesigned to parse all event IDs generated by the event source. It has been made future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. It can also accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 7 | Cisco IronPort Web Security Appliance (WSA) | ciscoiportwsa | This parser has been improved to parse all web methods for the Squid and Apache log formats. It has also been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 8 | Cisco Adaptive Security Appliance | ciscoasa | This parser can now support all event IDs from the event source. The log format is semi-structured and the event source registers a unique ID for each type of event. Detailed parsing is done for most of the documented event IDs, and the parser has been made future-proof so that it identifies newer event IDs that may be introduced in newer versions of the product. |
| 9 | Cisco Identity Services Engine & Cisco Secure Access Control Server | ciscosecureacs | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 10 | Microsoft Internet Information Services | microsoftiis | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 11 | UnboundID Identity Data Store | unboundidids | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. It has also been made future-proof so that it parses new types of events that may be introduced in newer versions of the product. |
| 12 | IBM WebSphere | ibmwebsphere | Certain types of events generated by this event source have a structured log format. The parser has been improved to identify and parse newer events of that log format. |
| 13 | IBM iSeries AS400 | iseries | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
| 14 | Blue Coat ProxySG SGOS | cacheflowelff | This event source produces two types of logs: web logs and audit logs. Web logs follow a structured log format that uses tag=value pairs; the parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. Audit logs have a semi-structured format; detailed parsing is done for most of the audit events, and the parser has been made future-proof so that it parses new types of audit events that may be introduced in newer versions of the product. |
| 15 | Juniper Networks SSL VPN | junipervpn | This event source has a structured log format that uses tag=value pairs. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages. |
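Two improvements recur throughout the table: tolerating tag=value pairs the parser has never seen (rows 4, 5, 9, 10, 11, 13, 14, 15) and still identifying an event by its unique ID even when no detailed parsing exists for that ID (rows 6, 8, 14). The example below is an added illustration of both behaviours, written for this page; it is not RSA NetWitness parser code and does not use the Live Portal parser XML. The `%XYZ-SEV-ID:` header shape, the `KNOWN_TAGS` schema, the `DETAILED_IDS` set and the sample lines are all constructed for the demonstration. The `strict` mode shows why a rigid parser reports so many unknown messages; the tolerant mode shows how keeping the event ID and parking unrecognised tags under `extra` turns most of those into parsed events.

```python
import re
from typing import Dict, List, Optional

# Hypothetical schema mapping event-source tags to standard meta keys.
# Constructed for this example; not an actual Live parser definition.
KNOWN_TAGS: Dict[str, str] = {
    "src": "ip.src",
    "dst": "ip.dst",
    "spt": "port.src",
    "dpt": "port.dst",
    "user": "user.dst",
    "act": "action",
    "reason": "result",
}

# Event IDs the hypothetical parser has detailed knowledge of.
DETAILED_IDS = {"302013", "302014", "106023"}

# Header of the form "%NAME-SEV-ID: body". The "XYZ" vendor name and the
# exact shape are assumptions made for the example.
HEADER_RE = re.compile(r"^%(?P<vendor>[A-Z]+)-(?P<sev>\d)-(?P<id>\d+):\s*(?P<body>.*)$")
# tag=value pairs; quoted values may contain spaces.
TAG_VALUE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str, strict: bool = False) -> Optional[Dict]:
    """Parse one event line. Returns None when the message is "unknown".

    strict=True mimics a rigid parser: an event ID without detailed
    parsing, or any unrecognised tag, drops the whole message.
    strict=False is the tolerant behaviour: the event ID is always
    captured, known tags map to standard meta keys, and unknown tags are
    retained under "extra" instead of failing the message.
    """
    m = HEADER_RE.match(line)
    if not m:
        return None  # no recognisable structure at all

    event_id = m.group("id")
    if strict and event_id not in DETAILED_IDS:
        return None

    meta: Dict[str, str] = {}
    extra: Dict[str, str] = {}
    for tag, value in TAG_VALUE_RE.findall(m.group("body")):
        value = value.strip('"')
        if tag in KNOWN_TAGS:
            meta[KNOWN_TAGS[tag]] = value
        elif strict:
            return None  # unknown tag -> unknown message
        else:
            extra[tag] = value  # keep it; do not lose the whole event

    return {
        "event_id": event_id,
        "severity": int(m.group("sev")),
        "detail": "full" if event_id in DETAILED_IDS else "generic",
        "meta": meta,
        "extra": extra,
    }


def count_unknown(lines: List[str], strict: bool) -> int:
    """Number of lines that would be reported as unknown messages."""
    return sum(1 for line in lines if parse_event(line, strict=strict) is None)


# Constructed sample input; not real device output.
SAMPLE_LINES = [
    "%XYZ-6-302013: act=built src=10.0.0.5 spt=51234 dst=192.0.2.10 dpt=443",
    "%XYZ-6-302013: act=built src=10.0.0.5 spt=51234 dst=192.0.2.10 dpt=443 tlsver=1.3",
    '%XYZ-4-999999: act=deny src=10.0.0.5 reason="policy miss"',
    "this line has no structure the parser recognises",
]

if __name__ == "__main__":
    for mode in (True, False):
        n = count_unknown(SAMPLE_LINES, strict=mode)
        print(f"strict={mode}: {n} unknown of {len(SAMPLE_LINES)}")
    print(parse_event(SAMPLE_LINES[2]))
```

Of the four constructed lines, the strict parser reports three as unknown (a new tag, a new event ID, and an unstructured line), while the tolerant parser reports only the unstructured line. The event with the unfamiliar ID is marked `detail: "generic"` so analytics can still count and filter it, and the unfamiliar `tlsver` tag survives under `extra` rather than causing the event to be dropped.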
The RSA Live Content team will be delivering similar improvements for more parsers over the next two quarters.