Jump to content

SMC Server Logging Audit Events


Recommended Posts

Hi,

I'm trying to process ESET SMC Server in a SIEM system and it seems that it provides a good feature of sending JSON Audit Events to a syslog server. What I needed to know is what audit events are logged, because I'm only receiving login and logout events in syslog:

2020-02-05T17:20:43.724Z ip-10-xxx.xxx ERAServer[2286] <U+FEFF>{"event_type":"Audit_Event","ipv4":"10.xxx","hostname":"ip-10-XXX","source_uuid":"976e2311-41fa-4e38-88ad-5af43c63bab6","occured":"05-Feb-2020 17:20:43","severity":"Information","domain":"Native user","action":"Login attempt","target":"USERNAME","detail":"Authenticating native user 'USERNAME'.","user":"","result":"Success"}#015#012

 

image.thumb.png.763fc34c199727cadbd02daf0de1ab16.png

Thanks!

Link to post
Share on other sites
  • ESET Staff

If I recall correctly, just mentioned login/logout audit events are exported for both native and domain users. What details would you be interested to see in SIEM? Just authentication details are exported as audit log might contains quite a lot of details that might not be interesting, especially when executed automatically, without user's interaction.

Link to post
Share on other sites

Hi Martin,

We're looking for actions executed by the native users in ESET SMC, being one of the most important the Client Tasks, of type Run Command. But, overall other actions would be useful also, for auditing purposes. The way the information is shown in the documentation it made me think these syslog audit events would match what we would get by Audit Reports.

Thanks!

Link to post
Share on other sites
  • ESET Staff
7 hours ago, Jean M said:

Could someone confirm what are the syslog JSON logged Audit Events? if it's just login and logout and if there's a way to log more than that.

I have verified my previous statement and it was true -> it is not possible to export any other audit events.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...