...
Configure the Snare reflector with the policies below, specifying the port for each log type as configured in Securonix:
Datasource | Format in Reflector | Filter value (include) | Filter comments |
---|---|---|---|
Apache Web Server | Syslog RFC 3164 | ApacheLog | |
Microsoft ADFS | Raw | AD FS/Admin | |
Microsoft Defender | Raw | Microsoft-Windows-Windows Defender/Operational | |
Microsoft DHCP | Syslog RFC 3164 | MSSQL\$MICROSOFT##WID\|MSSQLSERVER | Replace MSSQLSERVER with instance name |
Microsoft DNS Server | Syslog RFC 3164 | MSDNSServer | |
Microsoft Exchange Parser | Syslog RFC 3164 | ExchangeLog | |
Microsoft IIS Server | Syslog RFC 3164 | IISWebLog | |
Microsoft Windows Powershell | Syslog RFC 3164 | Microsoft-Windows-PowerShell/Operational | |
Microsoft Windows Snare Application | | | |
Microsoft Windows Snare Security | | | |
Microsoft Windows Snare System | | | |
Microsoft Windows Sysmon | | | |
Microsoft Windows Sysmon | | | |
RADIUS_NPS | | | |
Windows MSSQL Via Syslog SNARE | | | |
Windows MSSQL Via Syslog SNARE |
...