When you configure your STEALTHbits StealthINTERCEPT to send log data to USM Appliance, you can use the StealthINTERCEPT plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information
Device Details
Vendor STEALTHbits
Device Type Unified Threat Management
Connection Type Syslog
Data Source Name StealthINTERCEPT
Data Source ID 1902

Integrating STEALTHbits StealthINTERCEPT

Before you configure the STEALTHbits StealthINTERCEPT integration, you must have the IP Address of the USM Appliance Sensor.

To configure STEALTHbits StealthINTERCEPT to send Syslog messages to USM Appliance

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Select Configuration > Syslog Server and configure the following parameters:
    • Host Address: Enter your USM Appliance IP address.
    • Port: Enter port number 514.
  4. Click Import mapping file.
  5. Select the SyslogLeefTemplate.txt file and press Enter.
  6. Click Save.
  7. In the Administration Console, click Actions.
  8. Select the mapping file that you just imported, and then select the Send to Syslog check box.

    Note: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

  9. Click Add.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For troubleshooting, refer to the vendor documentation: