alphasoc / nfr

A lightweight tool to score network traffic and flag anomalies
https://alphasoc.com

CEF output for ArcSight #58

Closed chrisforce1 closed 6 years ago

chrisforce1 commented 6 years ago

This is a placeholder, as I'll come up with the individual fields and syslog message format soon. Regarding the configuration option, we should use the following:

  # ArcSight syslog connector where AlphaSOC alerts will be sent in CEF format.
  # NFR will use TCP port 514 to send CEF messages via syslog by default.
  # Use the fields below to define the server IP address and syslog port.
  arcsight:
    # IP address of the ArcSight syslog connector
    # Default: (none)
    ip:
    # Port for the ArcSight syslog TCP input
    # Default: 514
    port: 514
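To make the "CEF format" part of the request concrete, here is an added example (not code from the nfr project, and not the field list the issue says is still to be decided) of how a CEF:0 event line is assembled and wrapped for a syslog TCP connector. Vendor/product names, the signature id, the extension keys and the sample values are all assumptions chosen for illustration. The point worth seeing is the escaping: CEF reserves `|` and `\` in header fields and `=` and `\` in extension values, and an event must stay on one line, so an alert whose name or payload carries those characters would otherwise corrupt or be misparsed by the receiving connector.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
	"time"
)

// escapeHeader escapes the characters CEF reserves inside the seven header
// fields (backslash and pipe) and folds newlines so the event stays on one line.
func escapeHeader(s string) string {
	s = strings.ReplaceAll(s, `\`, `\\`)
	s = strings.ReplaceAll(s, "|", `\|`)
	s = strings.ReplaceAll(s, "\r\n", " ")
	s = strings.ReplaceAll(s, "\n", " ")
	return s
}

// escapeExtension escapes backslash and equals in extension values and encodes
// line breaks as the literal two characters "\n", as the CEF spec requires.
func escapeExtension(s string) string {
	s = strings.ReplaceAll(s, `\`, `\\`)
	s = strings.ReplaceAll(s, "=", `\=`)
	s = strings.ReplaceAll(s, "\r\n", `\n`)
	s = strings.ReplaceAll(s, "\n", `\n`)
	return s
}

// FormatCEF builds a CEF:0 line:
//   CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...
// Extension keys are emitted in sorted order so output is deterministic.
func FormatCEF(vendor, product, version, sigID, name string, severity int, ext map[string]string) string {
	keys := make([]string, 0, len(ext))
	for k := range ext {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+escapeExtension(ext[k]))
	}
	return fmt.Sprintf("CEF:0|%s|%s|%s|%s|%s|%d|%s",
		escapeHeader(vendor), escapeHeader(product), escapeHeader(version),
		escapeHeader(sigID), escapeHeader(name), severity, strings.Join(parts, " "))
}

// SyslogLine wraps a message in an RFC 3164 style header (<PRI>TIMESTAMP HOST TAG: MSG)
// terminated by a newline, which is the framing a plain TCP syslog input expects.
// PRI is facility*8 + severity; the timestamp is passed in to keep the function testable.
func SyslogLine(facility, severity int, ts time.Time, host, tag, msg string) string {
	pri := facility*8 + severity
	return fmt.Sprintf("<%d>%s %s %s: %s\n", pri, ts.Format(time.Stamp), host, tag, msg)
}

// SendTCP delivers one framed line to addr ("ip:port"), e.g. the arcsight
// ip/port pair from the proposed config. Hypothetical helper, not nfr's.
func SendTCP(addr, line string) error {
	conn, err := net.DialTimeout("tcp", addr, 5*time.Second)
	if err != nil {
		return err
	}
	defer conn.Close()
	_, err = conn.Write([]byte(line))
	return err
}

func main() {
	// Constructed sample alert; field names are assumptions, not nfr's schema.
	ext := map[string]string{
		"src":   "10.0.0.5",
		"dhost": "example.invalid",
		"msg":   "query=long|label\\suspicious",
	}
	event := FormatCEF("AlphaSOC", "NFR", "0.0.0-example", "dns-anomaly",
		"Suspicious DNS | tunneling", 7, ext)
	line := SyslogLine(1, 4, time.Now(), "sensor01", "nfr", event)
	fmt.Print(line)
	// Delivery would be: SendTCP("192.0.2.10:514", line) with the configured arcsight ip/port.
}
```

The escaping is what a connector-side parser depends on: with it, a `|` inside the alert name stays inside the Name field, and an `=` inside a value does not split the extension into a bogus key. Severity is the 0-10 CEF scale, so an NFR score would need mapping onto it before formatting.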

chrisforce1 commented 6 years ago

Closing as we should use syslog (https://github.com/alphasoc/nfr/issues/62)