
Commit 967388c

Merge pull request #215555 from yairzarka/patch-11
Update how-to-forward-alert-information-to-partners.md
2 parents 787e4e4 + 9db23d4 commit 967388c

File tree

1 file changed

+2
-2
lines changed

articles/defender-for-iot/organizations/how-to-forward-alert-information-to-partners.md

Lines changed: 2 additions & 2 deletions
@@ -126,7 +126,7 @@ Enter the following parameters:
126126
| Date and time | Date and time that the syslog server machine received the information. |
127127
| Priority | User. Alert |
128128
| Hostname | Sensor IP address |
129-
| Message | CyberX platform name: The sensor name.<br /> Microsoft Defender for IoT Alert: The title of the alert.<br /> Type: The type of the alert. Can be **Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**.<br /> Severity: The severity of the alert. Can be **Warning**, **Minor**, **Major**, or **Critical**.<br /> Source: The source device name.<br /> Source IP: The source device IP address.<br /> Protocol (Optional): The detected source protocol.<br /> Address (Optional): Source protocol address.<br /> Destination: The destination device name.<br /> Destination IP: The IP address of the destination device.<br /> Protocol (Optional): The detected destination protocol.<br /> Address (Optional): The destination protocol address.<br /> Message: The message of the alert.<br /> Alert group: The alert group associated with the alert. |<br /> UUID (Optional): The UUID the alert. |
129+
| Message | CyberX platform name: The sensor name.<br /> Microsoft Defender for IoT Alert: The title of the alert.<br /> Type: The type of the alert. Can be **Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**.<br /> Severity: The severity of the alert. Can be **Warning**, **Minor**, **Major**, or **Critical**.<br /> Source: The source device name.<br /> Source IP: The source device IP address.<br /> Protocol (Optional): The detected source protocol.<br /> Address (Optional): Source protocol address.<br /> Destination: The destination device name.<br /> Destination IP: The IP address of the destination device.<br /> Protocol (Optional): The detected destination protocol.<br /> Address (Optional): The destination protocol address.<br /> Message: The message of the alert.<br /> Alert group: The alert group associated with the alert. <br /> UUID (Optional): The UUID the alert. |
130130

131131
| Syslog object output | Description |
132132
|--|--|
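Review bot: the `+` line still reads "The UUID the alert" in the last `<br />` segment; since this change is already touching that segment (dropping the stray `|` that closed the Message cell early and pushed the UUID text outside the table), suggest fixing the wording to "UUID (Optional): The UUID of the alert." in the same commit. Two smaller consistency points in the surrounding context: `| Priority | User. Alert |` has a space inside the priority value, while the CEF table in the next hunk writes it as `User.Alert`; and the two `Protocol (Optional)` / `Address (Optional)` pairs share identical labels for source and destination, so a reader parsing the syslog text cannot tell from the label alone which side a field belongs to. Prefixing them (for example "Source Protocol (Optional)" / "Destination Protocol (Optional)") would remove the ambiguity.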
@@ -140,7 +140,7 @@ Enter the following parameters:
140140
| Date and time | Date and time that the syslog server machine received the information. |
141141
| Priority | User.Alert |
142142
| Hostname | Sensor IP address |
143-
| Message | CEF:0 <br />Microsoft Defender for IoT <br />Sensor name: The name of the sensor appliance. <br />Sensor version <br />Alert title: The title of the alert. <br />msg: The message of the alert. <br />protocol: The protocol of the alert. <br />severity:**Warning**, **Minor**, **Major**, or **Critical**. <br />type:**Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**. <br /> start: The time that the alert was detected. <br />Might vary from the time of the syslog server machine, and depends on the time-zone configuration of the forwarding rule. <br />src_ip: IP address of the source device. <br />dst_ip: IP address of the destination device.<br />cat: The alert group associated with the alert. |
143+
| Message | CEF:0 <br />Microsoft Defender for IoT <br />Sensor name= The name of the sensor appliance. <br />Sensor version <br />Alert title= The title of the alert. <br />msg= The message of the alert. <br />protocol= The protocol of the alert. <br />severity=**Warning**, **Minor**, **Major**, or **Critical**. <br />type=**Protocol Violation**, **Policy Violation**, **Malware**, **Anomaly**, or **Operational**. <br /> start= The time that the alert was detected. <br />Might vary from the time of the syslog server machine, and depends on the time-zone configuration of the forwarding rule. <br />src_ip= IP address of the source device. <br />dst_ip= IP address of the destination device.<br />cat= The alert group associated with the alert. |
144144

145145
| Syslog LEEF output format | Description |
146146
|--|--|
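Review bot: the `:` to `=` change on the `+` line is applied to every item, but the items are not all the same kind of thing: `CEF:0`, `Microsoft Defender for IoT`, `Sensor name=`, `Sensor version`, `Alert title=` appear first and read as the message header, while `msg=`, `protocol=`, `severity=`, `type=`, `start=`, `src_ip=`, `dst_ip=`, `cat=` read as key=value extension pairs. `Sensor version` has no separator at all, and spacing is inconsistent (`msg= The message` versus `severity=**Warning**`). Suggest the row state which parts are header positions and which are key=value keys, and use one spacing convention, so that someone writing a parser for this output can rely on the documented layout. Also, `Might vary from the time of the syslog server machine...` is the second sentence of the `start=` description but sits on its own `<br />` line, where it reads as a separate field; join it to the `start=` entry.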
