ArcSight FlexConnector for WordPress

#####################
#
### TESTSOFT.NET ###
#
############################
### ArcSight Parser For WordPress Stock Logformat v1.0 ###
#wordpress(testsoft.net)[3673]: Authentication attempt for unknown user admin from 1.1.1.1
regex=(wordpress)(.*)
token.count=2
token[0].name=type
token[0].type=String
token[1].name=body
token[1].type=String

event.deviceVendor=__stringConstant("wordpress")
event.deviceProduct=__stringConstant("applog")
event.sourceUserPrivileges=__stringConstant("wordpress")
event.deviceProcessName=__stringConstant("wordpress")
event.flexString2=body
event.flexString2Label=__stringConstant("raw")
event.name=type
event.message=body

submessage.messageid.token=type
submessage.token=body
submessage.count=1
submessage[0].messageid=wordpress
submessage[0].pattern.count=4

#(testsoft.net)[3673]: Authentication failure for testsoft from 1.1.1.1
submessage[0].pattern[0].regex=\\(([^)]+)\\)\\[([^]]+)\\]\\:\\s+(.*failure\\s+for\\s+([^\\s+]+)\\s+from\\s+(\\d+.\\d+.\\d+.\\d+).*)
submessage[0].pattern[0].mappings=$1|$2|$3|$4|$5
submessage[0].pattern[0].fields=event.name,event.deviceCustomString4,event.message,event.targetUserName,event.attackerAddress
submessage[0].pattern[0].extramappings=event.deviceCustomString4Label=__stringConstant("pid")|event.deviceSeverity=__stringConstant("warning")…
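A quick way to check the pattern[0] regex and its $1..$5 field mapping before deploying the parser, as an added example that is not part of the original post. It assumes Python's `re` as a stand-in for the connector's regex engine and whole-string matching; `parse`, `address_is_valid` and the sample lines are hypothetical names and constructed data. The last sample shows that the unescaped dots in the address group accept a non-IP string, so the extracted value is validated separately.

```python
import ipaddress
import re

# Regexes from the parser above, with the .properties "\\" unescaped to "\".
TOP = re.compile(r"(wordpress)(.*)")
FAILURE = re.compile(
    r"\(([^)]+)\)\[([^]]+)\]\:\s+(.*failure\s+for\s+([^\s+]+)"
    r"\s+from\s+(\d+.\d+.\d+.\d+).*)")
# submessage[0].pattern[0].fields, in $1..$5 order.
FIELDS = ("event.name", "event.deviceCustomString4", "event.message",
          "event.targetUserName", "event.attackerAddress")


def parse(line):
    """Return the event fields the parser would set, or None if no match."""
    top = TOP.fullmatch(line)
    if top is None:
        return None
    event = {"event.name": top.group(1), "event.message": top.group(2),
             "event.flexString2": top.group(2)}
    # Only pattern[0] is reproduced; patterns 1-3 are cut off on the page.
    sub = FAILURE.fullmatch(top.group(2))
    if sub:
        event.update(zip(FIELDS, sub.groups()))
        event["event.deviceCustomString4Label"] = "pid"
        event["event.deviceSeverity"] = "warning"
    return event


def address_is_valid(event):
    """Check that the extracted attackerAddress parses as an IP address."""
    try:
        ipaddress.ip_address(event.get("event.attackerAddress", ""))
        return True
    except ValueError:
        return False


# Constructed sample lines modelled on the comments in the parser.
SAMPLES = [
    "wordpress(testsoft.net)[3673]: Authentication failure for testsoft from 1.1.1.1",
    "wordpress(testsoft.net)[3673]: Authentication attempt for unknown user admin from 1.1.1.1",
    "wordpress(testsoft.net)[3673]: Authentication failure for testsoft from 1x1y1z1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parsed = parse(sample)
        print(parsed, address_is_valid(parsed))
```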