Mensagens de evento de amostra do VMware AppDefense

Use essas mensagens de evento de amostra para verificar se a integração com o QRadar foi bem-sucedida. Os valores entre colchetes angulares (por exemplo, `<name>`, `<MacAddress>`), os hashes compostos apenas por zeros ou uns e os endereços 192.0.2.0 são espaços reservados, não valores reais.

A tabela a seguir fornece uma mensagem de evento de amostra ao usar o protocolo de API do VMware AppDefense para o VMware AppDefense DSM. Observe que as mensagens de amostra contêm pequenos defeitos de formatação (aspas tipográficas ou ausentes, zeros à esquerda em números, uma quebra de linha dentro de uma string) e não são JSON estritamente válido; corrija-os antes de reproduzi-las em um analisador:
Tabela 1. Mensagem de amostra do VMware AppDefense suportada pelo VMware AppDefense
Nome do evento Categoria de baixo nível Mensagem de log de amostra
Violação de regra de conexão de entrada Negação de Firewall
{"id":1111111,"createdAt":1512009263.471000000,"remediation":{"id":1111111},"severity":"CRITICAL","lastReceivedAt":1516170726.957000000,"count":2,"status":"UNRESOLVED","violationDetails":{"processHashSHA256":"1000000000000000000000000000000000000000000000000000000000000000","processHash":"10000000000000000000000000000000","cli":"<cli>","localPort":"<24","processPath":"","alert":"INBOUND_CONNECTION_RULES_VIOLATION","localAddress":"192.0.2.0","ipProtocol":"tcp","preEstablishedConnection":"FALSE"},"violatingVirtualMachine":{"id":1111111,"vmToolsStatus":"TOOLS_NOT_RUNNING","vcenterUuid":"11111111-1111-1111-1111-111111111111","vmUuid":"11111111-1111-1111-1111-111111111111","ipAddress":"192.0.2.0”,"osType":"WINDOWS","vmManageabilityStatus":"HOST_MODULE_ENABLED_AND_GUEST_MODULE_MISSING","guestAgentVersion":"1.0.1.0","macAddress":"<MacAddress>","guestId":"windows8","healthStatus":"CRITICAL","service":{"id":00000},"vmId":"1","guestAgentStatus":"Disconnected","guestName":"Microsoft Windows","guestStatus":"POWERED_OFF","name":"<name>","hostName":"<Hostname>"},"violatingProcess":{"processReputationProfile":null,"fullPathName":"System","<System>":"<System>","process256Hash":"1000000000000000000000000000000000000000000000000000000000000000","processMd5Hash":"10000000000000000000000000000000"},"subRuleViolated":null,"ruleViolated":"INBOUND_CONNECTION"}
Violação de regra de conexão de saída Negação de Firewall
{"id":10101001,"createdAt":1512009263.495000000,"remediation":{"id":1551519},"severity":"CRITICAL","lastReceivedAt":1516224258.818000000,"count":00001,"status":"UNRESOLVED","violationDetails":{"processHashSHA256":"0000000000000000000000000000000000000000000000000000000000000","processHash":"0000000000000000000000000000000","cli":"C:\\<path>,"alert":"OUTBOUND_CONNECTION_RULES_VIOLATION","localAddress":"192.0.2.0","remotePort":"24","ipProtocol":"udp","preEstablishedConnection":"FALSE","remoteAddress":"0000::0:0"},"violatingVirtualMachine":{"id":101010,"vmToolsStatus":"TOOLS_NOT_RUNNING","vcenterUuid":"11111111-1111-1111-1111-111111111111","vmUuid":"11111111-1111-1111-1111-111111111111","ipAddress":"192.0.2.0","osType":"WINDOWS","vmManageabilityStatus":"HOST_MODULE_ENABLED_AND_GUEST_MODULE_MISSING","guestAgentVersion":"1.0.1.0","macAddress":"<MacAddress>","guestId":"windows8","healthStatus":"CRITICAL","service":{"id":28486},"vmId":"1","guestAgentStatus":"Disconnected","guestName":"Microsoft Windows","guestStatus":"POWERED_OFF","name":"<name>","hostName":"<host>"},"violatingProcess":{"processReputationProfile":{"processFileInfo":{"md5":"000000000000000000000000000000","sha256":"00000000000000000000000000000000000000000000000000000000000","container":false,"executable":true,"ssdeep":"100:THGFJFJFHJY7y86gHK7GHk7ghjgkghjk","fileSizeBytes":1,"peFormat":true,"firstSeenName":"<fileName>","sha1":"000000000000000000000000000000000000","crc32":null},"peHeaderMetadata":{"companyName":"Microsoft Corporation","productName":"Microsoft Windows,"version":null,"originalName":"<host>","description":"<description>","fileVersion":"192.0.2.0,"codePage":null,"productVersion":"6.3.9600.17415","language":"English 
(U.S.)"},"certificate":{"commonName":"Windows","certificateexinfo":{"thumbprint":"000000000000000000000000000000000000000000000","issuerThumbprint":"000000000000000000000000000000000","serialNumber":null,"validToDate":1437604140.000000000,"validFromDate":1398205740.000000000,"publisher":null,"name":null}},"trust":10,"threat":0},"fullPathName":"C:\\<path>","process256Hash":"000000000000000000000000000000000000000000000000000000000000","processMd5Hash":"000000000000000000000000000000000"},"subRuleViolated":null,"ruleViolated":"OUTBOUND_CONNECTION"}