When you configure your STEALTHbits StealthINTERCEPT to send log data to USM Appliance, you can use the StealthINTERCEPT plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | STEALTHbits |
| Device Type | Unified Threat Management |
| Connection Type | Syslog |
| Data Source Name | StealthINTERCEPT |
| Data Source ID | 1902 |
Integrating STEALTHbits StealthINTERCEPT
Before you configure the STEALTHbits StealthINTERCEPT integration, you must have the IP Address of the USM Appliance Sensor.
To configure STEALTHbits StealthINTERCEPT to send Syslog messages to USM Appliance
- Log in to your STEALTHbits StealthINTERCEPT server.
- Start the Administration Console.
- Select Configuration > Syslog Server and configure the following parameters:
- Host Address: Enter your USM Appliance IP address.
- Port: Enter port number 514.
- Click Import mapping file.
- Select the SyslogLeefTemplate.txt file and press Enter.
- Click Save.
- In the Administration Console, click Actions.
-
Select the mapping file that you just imported, and then select the Send to Syslog check box.
Note: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
- Click Add.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
https://www.stealthbits.com/stealthintercept-product
For troubleshooting, refer to the vendor documentation:
Feedback