Syslog Variables

Overview

This article provides a comprehensive list of syslog variables available for use in custom SIEM templates with Netwrix Threat Manager. These variables can be utilized to customize syslog messages for integration with your SIEM solution.

Instructions

To use these variables, include them in your custom SIEM template configuration within Netwrix Threat Manager. Ensure that each variable is written exactly as shown in the list below to avoid errors in syslog message generation.

Available Syslog Variables

The following syslog variables are available for use in custom SIEM templates:

  • %SYSLOG_DATE%
  • %HOST%
  • %COMPANY%
  • %PRODUCT%
  • %PRODUCT_VERSION%
  • %THREAT_TIME%
  • %THREAT_TYPE%
  • %USERS%
  • %COMPUTERS%
  • %FILENAME%
  • %NEW_FILENAME%
  • %PROCESS%
  • %EVIDENCE%
  • %EVENT_SOURCE_TYPE%
  • %CLASS_NAME%
  • %EVENT_NAME%
  • %SUCCESS%
  • %BLOCKED_EVENT%
  • %SETTING_NAME%
  • %TIME_STAMP_UTC%
  • %EVENT_SOURCE_NAME%
  • %PERPETRATOR%
  • %ORIGINATING_CLIENT%
  • %FILE_PATH%
  • %ORIGINATING_SERVER%
  • %ATTRIBUTE_NAME%
  • %ATTRIBUTE_VALUE%
  • %OLD_ATTRIBUTE_VALUE%
  • %OPERATION%
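
A template can be checked against this list before it is saved. The following linter is an added example, not Netwrix code: it flags tokens that are not in the list above and stray `%` characters. The sample template line is constructed for illustration, and the check assumes a variable must match the listed spelling exactly.

```python
import difflib
import re

# Variable names copied from the list on this page.
KNOWN = frozenset("""
SYSLOG_DATE HOST COMPANY PRODUCT PRODUCT_VERSION THREAT_TIME THREAT_TYPE USERS
COMPUTERS FILENAME NEW_FILENAME PROCESS EVIDENCE EVENT_SOURCE_TYPE CLASS_NAME
EVENT_NAME SUCCESS BLOCKED_EVENT SETTING_NAME TIME_STAMP_UTC EVENT_SOURCE_NAME
PERPETRATOR ORIGINATING_CLIENT FILE_PATH ORIGINATING_SERVER ATTRIBUTE_NAME
ATTRIBUTE_VALUE OLD_ATTRIBUTE_VALUE OPERATION
""".split())

# A well-formed token: '%', a name with no '%' or whitespace, '%'.
TOKEN = re.compile(r"%([^%\s]+)%")

# Constructed sample: one token is missing its closing '%', one is misspelled.
SAMPLE = ("%SYSLOG_DATE% %HOST% threat=%THREAT_TYPE% user=%PERPETRATOR% "
          "src=%ORIGINATING_CLIENT op=%OPERATON%")


def lint_template(template):
    """Return sorted (offset, message) findings for one template string."""
    findings = []
    for m in TOKEN.finditer(template):
        name = m.group(1)
        if name not in KNOWN:
            msg = f"%{name}% is not in the documented list"
            hint = difflib.get_close_matches(name.upper(), sorted(KNOWN), n=1)
            if hint:
                msg += f" (closest: %{hint[0]}%)"
            findings.append((m.start(), msg))
    # Blank out well-formed tokens; any '%' left over has no partner.
    rest = TOKEN.sub(lambda m: " " * len(m.group(0)), template)
    findings += [(i, "unpaired '%'") for i, c in enumerate(rest) if c == "%"]
    return sorted(findings)


if __name__ == "__main__":
    for offset, message in lint_template(SAMPLE):
        print(f"col {offset}: {message}")
```

A token left unexpanded in a forwarded message usually surfaces in the SIEM as a literal `%NAME%` string in a parsed field, so the same regular expression can be reused as a search on the receiving side.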