• Have questions about this item?

  • Contact us

Description

The Universal CEF Collector provides data-capture capabilities from devices that sends events in Common Event Format (CEF). Sentinel must be installed and operational before you install this Collector.

Supported Product Versions:Universal Common Event Format 0.1, Universal Common Event Format 1.0, Novell Common Event Format 0.1, Novell Common Event Format 1.0

Connection Method(s):SYSLOG

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
Universal Common Event Format 2011.1r7
5.2 MB
  |  
Nov 12, 2024
More info Less info
Product compatibility
Sentinel
Version 8.4 · 8.5 · 8.6
Release notes

2011.1r7

  • Fix setting repip (ReporterIP) from SyslogRelayIp
  • Added method to call device specific normalization functions based on DeviceVendor and DeviceProdcut.
  • Added method to call device specific normalization functions based on DeviceVendor and DeviceProduct.
  • Populating DeviceCustomString fields into ExtendedInformation.(Bug# 918035)
  • Modified the Collector not to map the cat to Observer category to prevent breaking sentinel taxonomy.(Bug# 844081)
  • Fixed the ObserverCategory of ProductName Arcsight Arcsight.(Bug# 844081)
  • Modified the ObserverCategory of ProductName Microsoft to Event source not in other category.(Bug# 844081)
  • Populating DeviceCustomString fields into ExtendedInformation.(Bug# 918035)
  • Modified the collector to properly parse NetIQ Advanced Authentication events:
    • Populate action, taxonomy name and taxonomy outcome.
    • Map fields:

AA Sentinel externalId SessionID tenant_name TargetDataNamespace event_name SourceServiceName chain_name TargetServiceName method_id ApplicationProtocol object_id CEFFileId component_id PolicyID setting_name TargetAttributeName scope TargetDataContainer role_name TargetTrustName object_type TargetResourceType repo_type TargetResourceType

    • Split REPO\userid into UserDomain and UserName fields for Initiator and Target.
    • Populate TargetHost fields from observer.
    • Populate Message field from error description for Request failed events.
Languages
English
Files
Universal Common Event Format 2011.1r6
5.1 MB
  |  
Jul 28, 2023
More info Less info
Product compatibility
Sentinel
Version 8.6
Release notes
  • Modified the collector to populate action, taxonomy name and taxonomy outcome for checkpoint events.(Bug# 67002)
  • Modified the collector to properly catch and handle exceptions thrown while parsing IDM events.(Bug# 383145)
Languages
English
Files
Universal Common Event Format 2011.1r6 Beta
5.1 MB
  |  
Jun 13, 2022
More info Less info
Product compatibility
Sentinel
Version 8.4 · 8.5 · 8.6
Release notes

2011.1r6

  • Modified the collector to populate action, taxonomy name and taxonomy outcome for checkpoint events.(Bug# 67002)
  • Modified the collector to properly catch and handle exceptions thrown while parsing IDM events.(Bug# 383145)
Languages
English
Files
Universal Common Event Format 2011.1r5
5.2 MB
  |  
Oct 21, 2021
More info Less info
Product compatibility
Sentinel
Version 8.4 · 8.5 · 8.6
Release notes

2011.1r5

2011.1r4

  • Added support for Kaspersky Security Center.
  • Modified the collector to fix issues related to NetIQ Identity Manager custom CEF events. (Bug# 1158735)
Languages
English
Files

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Unsubscribe Cancel

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the OpenText Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Accept Cancel
Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2024-10-1-6270 | Sun Oct 6 21:16:47 PDT 2024