SNARE

Proprietary Snare format, consisting of a Snare header and tab-delimited tokens

  • Snare Central

SNARE V2

  • available since v5.5.0

A more detailed Snare format, consisting of a Snare header and event details in JSON format.

  • Snare Central v8.4.0 or newer

SYSLOG (RFC3164)

SYSLOG (RFC3164) header followed by a message of tab-delimited tokens

  • IBM QRadar

  • Dell Secureworks

  • Other 3rd party SIEM systems

  • Snare Central (usually for forwarding to other SIEMs)

SYSLOG Alt (RFC5424 Compatible)

Same as the SYSLOG (RFC3164) format, with the addition of the event priority in square brackets at the end of the header.

  • ArcSight

  • Other 3rd party SIEM systems

  • Snare Central (usually for forwarding to other SIEMs)

SYSLOG (RFC5424)

SYSLOG (RFC5424) header followed by a message of tab-delimited tokens

  • 3rd party SIEMs that require the latest Syslog standard format

  • Snare Central (usually for forwarding to other SIEMs)

CEF

ArcSight Common Event Format (CEF)

  • ArcSight

  • Snare Central (usually for forwarding to other SIEMs)

LEEF

IBM Log Event Extended Format (LEEF)

  • IBM QRadar

  • Snare Central (usually for forwarding to other SIEMs)

SYSLOG JSON

  • available since v5.5.0

SYSLOG (RFC5424) header and event details in JSON format
