    CEF format Reports

    EventLog Analyzer collects log data in the CEF format and presents it in the form of graphical reports. For the solution to start collecting this log data, the device has to be added as a threat source.

    Adding a device with logs in the CEF format as a threat source:

    To add the application that uses CEF as a threat source, the syslog service has to be configured.

    1. Log in to the application or device that supports the CEF log format.
    2. Go to syslog server configuration.
    3. In the field for Log Format, select CEF Format.
    4. In the Syslog Server IP address field, enter the <EventLog Analyzer IP address>.
    5. Enter the syslog port and save the configuration.
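
    To confirm that the device really emits well-formed CEF on the syslog port before it is added as a threat source, a captured line can be checked with a small parser. This is an added example, not ManageEngine code; it assumes the standard CEF layout (seven pipe-delimited header fields followed by key=value extensions), and the sample line and its vendor and product names are constructed.

```python
import re

# Constructed sample: syslog prefix + CEF record (vendor/product names are made up).
SAMPLE = (r"<134>Jan 15 10:22:01 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Detected a \| in name|7|src=10.0.0.5 dst=10.0.0.9 "
          r"msg=Blocked file a\=b.exe on host act=blocked")

HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]
# Key characters exclude '\', so an escaped "\=" never starts a new pair.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
_UNESC = re.compile(r"\\([=\\nr])")  # extension escapes: \=  \\  \n  \r

def _split_header(body):
    """Split on unescaped '|' into 7 header fields; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def _parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next 'key='."""
    out, hits = {}, list(_KEY.finditer(ext))
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        unescape = lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1))
        out[m.group(1)] = _UNESC.sub(unescape, ext[m.end():end])
    return out

def parse_cef(line):
    """Return header fields plus an 'extension' dict; ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker; the device is probably not sending CEF")
    fields, ext = _split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != 7:
        raise ValueError(f"expected 7 header fields, got {len(fields)}")
    return {**dict(zip(HEADER_FIELDS, fields)), "extension": _parse_extension(ext)}

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```
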

    Malwarebytes Reports

    Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.

    1. In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source.
    2. Click on Existing Host and select the device you added from the list of existing devices.
    3. Select the Addon Type from the list.
    4. Click on Add.

    The available reports are: