Device | Details |
---|---|
Vendor | Varonis |
Device Type | Data Protection |
Connection Type | Syslog |
Data Source Name | varonis-datadvantage |
Data Source ID | 2503 |
1. Select Tools > DatAlert.
2. Select the Configuration tab and specify values for the fields in the Syslog Message Forwarding section.
3. Select the Alert Templates tab.
4. Create a new alert template with the format below, replacing {{VARONIS_SERVER}} with the hostname of your Varonis Server:

   ```
   <Alert Time> VaronisDatAlert Varonis: CEF:0|Varonis Inc.|!DatAdvantage|<!DatAdvantage version>|<Event Op Code>|<Rule Name>|<Severity>|rt=<Alert Time> cat=Alert rep_device_rule_id=<Rule ID> event_action=<Event Type> event_outcome=<Event Status> event_receipt_time=<Event Time> needs_enrichment=https://{{VARONIS_SERVER}}/Datadvantage/#/app/analytics/entity/Alert/<Alert ID> source_username=<Acting Object> filePath=<Access Path> fname=<Affected Object> destination_hostname=<File Server/Domain> rep_device_hostname=<Device Name> rep_device_version=<Device IP Address>
   ```

   Important: Do not use the Varonis default template, because the Syslog messages it generates are not compatible with Sheriff CSM's parser.
5. In the Apply to alert methods field, select Syslog message.
6. Click OK, then click Apply to save your changes.
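To confirm that a message produced by the template above carries every field the parser expects, the following Python snippet is an added example (not code from the page, from Varonis, or from Sheriff CSM). It splits a forwarded line into its CEF header (seven `|`-separated fields, honouring `\|` escapes) and its extension key=value pairs, then reports which of the template's extension keys are missing. The sample message, its hostnames, rule ID, alert ID and the product string `DatAdvantage` are constructed values, not output captured from a real DatAlert installation.

```python
import re
from typing import Dict, List, Tuple

# CEF header field names, in the order they appear after "CEF:".
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Extension keys emitted by the alert template on this page.
TEMPLATE_KEYS = ("rt", "cat", "rep_device_rule_id", "event_action", "event_outcome",
                 "event_receipt_time", "needs_enrichment", "source_username", "filePath",
                 "fname", "destination_hostname", "rep_device_hostname", "rep_device_version")

# Constructed sample line in the shape of the template; all values are made up.
SAMPLE = (
    "Jan 05 2024 10:15:30 VaronisDatAlert Varonis: "
    "CEF:0|Varonis Inc.|DatAdvantage|8.6.2|1001|Mass delete \\| finance share|7|"
    "rt=Jan 05 2024 10:15:30 cat=Alert rep_device_rule_id=42 event_action=Delete "
    "event_outcome=Success event_receipt_time=Jan 05 2024 10:15:28 "
    "needs_enrichment=https://varonis.example.internal/Datadvantage/#/app/analytics/entity/Alert/98765 "
    "source_username=jdoe filePath=/fs01/finance/Q4 fname=budget.xlsx "
    "destination_hostname=fs01.example.internal rep_device_hostname=varonis-dsp01 "
    "rep_device_version=10.0.0.5"
)

# A key is a run of word characters at the start of the extension or after whitespace,
# followed by "=". Values run until the next key, so they may contain spaces.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value: str) -> str:
    """Resolve CEF escapes: \\| \\= \\\\ become the literal character, \\n and \\r newlines."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext: str) -> Dict[str, str]:
    """Turn the extension part of a CEF message into a key -> value dict."""
    matches = list(KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out


def split_cef(message: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (header, extension) for a syslog line that contains a CEF payload."""
    idx = message.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF message")
    body = message[idx + len("CEF:"):]
    # Walk the body looking for the first seven unescaped '|' separators; the
    # remainder is the extension, which may legitimately contain '|' characters.
    fields: List[str] = []
    start = i = cuts = 0
    while i < len(body) and cuts < 7:
        if body[i] == "\\":          # skip the escaped character
            i += 2
            continue
        if body[i] == "|":
            fields.append(body[start:i])
            start = i + 1
            cuts += 1
        i += 1
    if cuts != 7:
        raise ValueError("CEF header needs 7 '|'-separated fields")
    header = dict(zip(HEADER_FIELDS, (_unescape(f) for f in fields)))
    return header, parse_extension(body[start:])


def missing_template_fields(extension: Dict[str, str]) -> List[str]:
    """List the template's extension keys that are absent from a parsed message."""
    return [k for k in TEMPLATE_KEYS if k not in extension]


if __name__ == "__main__":
    hdr, ext = split_cef(SAMPLE)
    print("header:", hdr)
    print("extension:", ext)
    print("missing template keys:", missing_template_fields(ext))
```

Feed this a line captured from the actual syslog forwarder (for example, one recorded with `tcpdump` or read from the receiving host's log) in place of `SAMPLE`; a non-empty result from `missing_template_fields` points at a template that was edited away from the layout above, and a `ValueError` from `split_cef` usually means a header field contains an unescaped `|`.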