...

For more information, see About Devo tags.

How is the data sent to Devo?

Currently, the latest version of the Snare Agent for MSSQL (Snare product) is used, and events are sent as Syslog and JSON (not in the default Snare format).

Logs generated by Snare MSSQL must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rule below:

Rule for events of Snare MSSQL

  • Source port - Any available port

  • Sent without syslog tag -

  • Target tag - db.mssql_snare.audit

  • Stop processing -

Table structure

These are the fields displayed in this table:

...