
 

FILE INTEGRITY

  1. Code: 42

  2. Brief Description: File Integrity

  3. Sample log messages:

    1. New File

      1. CEF Format

         

        Jun 29 00:50:19 10.16.3.5 CEF: 1|Virsec Security Platform|Virsec|1.3.0|42|File Integrity|8|EventId=VS-FINT-062920-T00057|Application_Name=Win_Webgoat_10_job 1.5 Server_Name=Win2012R2 Incident_Level=THREAT Incident_Category=FILE_INTEGRITY Incident_Type=File Integrity Incident_Timestamp=29 Jun 2020 04:50:55 AM UTC File Path=C:\ProgramData\MySQL\MySQL Server 5.7\Data\webgoat\ownership.ibd IP Address=10.16.3.22 File Modifiled At=NA ACL= MAC Address=00-0C-29-70-90-61 Checksum= Old File Name= Symbolic Link=0 File Access At=NA File Name=ownership.ibd Alert Type=FILE_REMOVED Link Path= File Type=System File Author=Unknown User Id= File Version= File Created At=NA Old File Path= Group Id= pid=0 description=File Integrity category=File Integrity eventTime=2020-06-29 04:50:55.672 tid=0

      2. CEF - Fixed Key Definition format

         

        Sep  7 09:01:08 int.cms.virsec.com CEF: 1|Virsec Security Platform|Virsec|1.4.0|42|File Integrity|8|EventId=VS-FINT-090720-T00011|cs1Label=Application_Name cs1=webgoat_and_Nginx 1.0 cs2Label=Server_Name cs2=redhat7_13_53 cs3Label=Incident_Level cs3=THREAT cs4Label=Incident_Category cs4=FILE_INTEGRITY cs5Label=Incident_Type cs5=File Integrity cs6Label=Incident_Timestamp cs6=07 Sep 2020 01:01:08 PM UTC cs7Label=File Path cs7=/opt/apache-tomcat-7.0.85/bin/sample.txt cs8Label=IP Address cs8=10.16.13.53 cs9Label=File Modifiled At cs9=2020-09- 7T09:01:06.448-04:00 cs10Label=ACL cs10=-rw-r--r-- cs11Label=MAC Address cs11=00:0C:29:87:FD:5A cs12Label=File Status cs12=File verified by Threat Intelligence Service cs13Label=Checksum cs13=d41d8cd98f00b204e9800998ecf8427e cs14Label=Old File Name cs14= cs15Label=Symbolic Link cs15=0 cs16Label=File Access At cs16=2020-09- 7T09:01:06.448-04:00 cs17Label=File Name cs17=sample.txt cs18Label=Alert Type cs18=NEW_FILE cs19Label=Link Path cs19= cs20Label=File Type cs20=System cs21Label=File Author cs21=Unknown cs22Label=User Id cs22=root cs23Label=File Created At cs23=2020-09- 7T09:01:06.448-04:00 cs24Label=File Version cs24= cs25Label=Old File Path cs25= cs26Label=Group Id cs26=root cs27Label=pid cs27=0 cs28Label=description cs28=File Integrity cs29Label=category cs29=File Integrity cs30Label=eventTime cs30=2020-09-07 13:01:07.144 cs31Label=tid cs31=0

    2. File Renamed

      1. CEF Format

         

        Jul 21 07:28:34 10.16.13.22 CEF: 1|Virsec Security Platform|Virsec|1.3.0|42|File Integrity|8|EventId=VS-FINT-072120-T00020|Application_Name=webgoat 1.0 Server_Name=Win_51_2012 Incident_Level=THREAT Incident_Category=FILE_INTEGRITY Incident_Type=File Integrity Incident_Timestamp=21 Jul 2020 11:28:34 AM UTC File Path=D:\tomcat-7.0.85\bin\test.txt IP Address=10.16.13.51 File Modifiled At=2020-07-21 04:28:38.000619 ACL=Administrators[RWX]  SYSTEM[RWX]  Users[R X]   MAC Address=00-0C-29-FC-2B-F2 File Status=Threat Intelligence Service Un-Available Checksum=d41d8cd98f00b204e9800998ecf8427e Old File Name=New Text Document.txt Symbolic Link=0 File Access At=2020-07-21 04:28:38.000619 File Name=test.txt Alert Type=FILE_RENAMED Link Path= File Type=System File Author=Unknown User Id=Administrators File Created At=2020-07-21 04:28:38.000619 File Version= Old File Path=D:\tomcat-7.0.85\bin\New Text Document.txt Group Id=BUILTIN pid=0 description=File Integrity category=File Integrity eventTime=2020-07-21 11:28:34.145 tid=0

      2. CEF - Fixed Key Definition format

         

        Sep 25 01:52:38 int.cms.virsec.com CEF: 1|Virsec Security Platform|Virsec|1.4.0|42|File Integrity|8|EventId=VS-FINT-092520-T00005|cs1Label=Application_Name cs1=tomcat-7 tomcat7 cs2Label=Server_Name cs2=redhat7_13_53 cs3Label=Incident_Level cs3=THREAT cs4Label=Incident_Category cs4=FILE_INTEGRITY cs5Label=Incident_Type cs5=File Integrity cs6Label=Incident_Timestamp cs6=25 Sep 2020 07:56:54 AM UTC cs7Label=File Path cs7=/opt/apache-tomcat-7.0.85/bin/abcd cs8Label=IP Address cs8=10.16.13.53 cs9Label=ACL cs9=-rw------- cs10Label=MAC Address cs10=00:0C:29:87:FD:5A cs11Label=File Status cs11=File verified by Threat Intelligence Service cs12Label=Checksum cs12=a596c20ce7a2873925307a29724539c5 cs13Label=Old File Name cs13=abcd1 cs14Label=Symbolic Link cs14=0 cs15Label=File Access At cs15=2020-09-25T01:01:54.680-04:00 cs16Label=File Name cs16=abcd cs17Label=Alert Type cs17=FILE_RENAMED cs18Label=Link Path cs18= cs19Label=File Type cs19=System cs20Label=File Author cs20=Unknown cs21Label=File Modified At cs21=2020-09-25T01:01:54.680-04:00 cs22Label=User Id cs22=root cs23Label=File Created At cs23=2020-09-25T01:01:54.680-04:00 cs24Label=File Version cs24= cs25Label=Old File Path cs25=/opt/apache-tomcat-7.0.85/bin/abcd1 cs26Label=Group Id cs26=root cs27Label=pid cs27=0 cs28Label=description cs28=File Integrity cs29Label=category cs29=File Integrity cs30Label=eventTime cs30=2020-09-25T07:56:54.073+00:00 cs31Label=tid cs31=0

    3. File Modified

      1. CEF Format

         

        Jul 21 07:29:00 10.16.13.22 CEF: 1|Virsec Security Platform|Virsec|1.3.0|42|File Integrity|8|EventId=VS-FINT-072120-T00021|Application_Name=webgoat 1.0 Server_Name=Win_51_2012 Incident_Level=THREAT Incident_Category=FILE_INTEGRITY Incident_Type=File Integrity Incident_Timestamp=21 Jul 2020 11:29:00 AM UTC File Path=D:\tomcat-7.0.85\bin\test.txt IP Address=10.16.13.51 File Modifiled At=2020-07-21 04:29:08.000401 ACL=Administrators[RWX]  SYSTEM[RWX]  Users[R X]   MAC Address=00-0C-29-FC-2B-F2 File Status=Threat Intelligence Service Un-Available Checksum=a5693a200235ff59a7b3a0785f6124fc Old File Name= Symbolic Link=0 File Access At=2020-07-21 04:28:38.000619 File Name=test.txt Alert Type=FILE_MODIFIED Link Path= File Type=System File Author=Unknown User Id=Administrators File Created At=2020-07-21 04:28:38.000619 File Version= Old File Path= Group Id=BUILTIN pid=0 description=File Integrity category=File Integrity eventTime=2020-07-21 11:29:00.145 tid=0

      2. CEF - Fixed Key Definition format

         

        Sep  7 09:01:08 int.cms.virsec.com CEF: 1|Virsec Security Platform|Virsec|1.4.0|42|File Integrity|8|EventId=VS-FINT-090720-T00010|cs1Label=Application_Name cs1=webgoat_and_Nginx 1.0 cs2Label=Server_Name cs2=redhat7_13_53 cs3Label=Incident_Level cs3=THREAT cs4Label=Incident_Category cs4=FILE_INTEGRITY cs5Label=Incident_Type cs5=File Integrity cs6Label=Incident_Timestamp cs6=07 Sep 2020 01:01:08 PM UTC cs7Label=File Path cs7=/opt/apache-tomcat-7.0.85/bin/sample.txt cs8Label=IP Address cs8=10.16.13.53 cs9Label=File Modifiled At cs9=2020-09- 7T09:01:06.452-04:00 cs10Label=ACL cs10=-rw-r--r-- cs11Label=MAC Address cs11=00:0C:29:87:FD:5A cs12Label=File Status cs12=File verified by Threat Intelligence Service cs13Label=Checksum cs13=d41d8cd98f00b204e9800998ecf8427e cs14Label=Old File Name cs14= cs15Label=Symbolic Link cs15=0 cs16Label=File Access At cs16=2020-09- 7T09:01:06.452-04:00 cs17Label=File Name cs17=sample.txt cs18Label=Alert Type cs18=FILE_MODIFIED cs19Label=Link Path cs19= cs20Label=File Type cs20=System cs21Label=File Author cs21=Unknown cs22Label=User Id cs22=root cs23Label=File Created At cs23=2020-09- 7T09:01:06.452-04:00 cs24Label=File Version cs24= cs25Label=Old File Path cs25= cs26Label=Group Id cs26=root cs27Label=pid cs27=0 cs28Label=description cs28=File Integrity cs29Label=category cs29=File Integrity cs30Label=eventTime cs30=2020-09-07 13:01:07.144 cs31Label=tid cs31=0

    4. File Removed

      1. CEF Format

         

        Jul 21 07:29:18 10.16.13.22 CEF: 1|Virsec Security Platform|Virsec|1.3.0|42|File Integrity|8|EventId=VS-FINT-072120-T00022|Application_Name=webgoat 1.0 Server_Name=Win_51_2012 Incident_Level=THREAT Incident_Category=FILE_INTEGRITY Incident_Type=File Integrity Incident_Timestamp=21 Jul 2020 11:29:18 AM UTC File Path=D:\tomcat-7.0.85\bin\test.txt IP Address=10.16.13.51 File Modifiled At=NA ACL= MAC Address=00-0C-29-FC-2B-F2 Checksum= Old File Name= Symbolic Link=0 File Access At=NA File Name=test.txt Alert Type=FILE_REMOVED Link Path= File Type=System File Author=Unknown User Id= File Version= File Created At=NA Old File Path= Group Id= pid=0 description=File Integrity category=File Integrity eventTime=2020-07-21 11:29:18.145 tid=0

      2. CEF - Fixed Key Definition format

         

        Sep  7 09:04:26 int.cms.virsec.com CEF: 1|Virsec Security Platform|Virsec|1.4.0|42|File Integrity|8|EventId=VS-FINT-090720-T00012|cs1Label=Application_Name cs1=webgoat_and_Nginx 1.0 cs2Label=Server_Name cs2=redhat7_13_53 cs3Label=Incident_Level cs3=THREAT cs4Label=Incident_Category cs4=FILE_INTEGRITY cs5Label=Incident_Type cs5=File Integrity cs6Label=Incident_Timestamp cs6=07 Sep 2020 01:04:26 PM UTC cs7Label=File Path cs7=/opt/apache-tomcat-7.0.85/bin/sample1.txt cs8Label=IP Address cs8=10.16.13.53 cs9Label=File Modifiled At cs9=NA cs10Label=ACL cs10= cs11Label=MAC Address cs11=00:0C:29:87:FD:5A cs12Label=Checksum cs12= cs13Label=Old File Name cs13= cs14Label=Symbolic Link cs14=0 cs15Label=File Access At cs15=NA cs16Label=File Name cs16=sample1.txt cs17Label=Alert Type cs17=FILE_REMOVED cs18Label=Link Path cs18= cs19Label=File Type cs19=System cs20Label=File Author cs20=Unknown cs21Label=User Id cs21= cs22Label=File Version cs22= cs23Label=File Created At cs23=NA cs24Label=Old File Path cs24= cs25Label=Group Id cs25= cs26Label=pid cs26=0 cs27Label=description cs27=File Integrity cs28Label=category cs28=File Integrity cs29Label=eventTime cs29=2020-09-07 13:04:26.785 cs30Label=tid cs30=0
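
Added example (not part of the Virsec documentation): a parser for the fixed-key messages above that pairs each csNLabel with its csN value and keys the result by label. In the samples the same label sits at a different csN number from one message to the next (Checksum is cs13 in the NEW_FILE sample and cs12 in the FILE_RENAMED sample), so a field extraction keyed on the number reads the wrong column. The two inputs are abridged from the samples on this page; the function name, the alias map and the added "Code" and "EventId" keys are assumptions of this example.

```python
import re

# Matches "csNLabel=" or "csN=" at the start of the extension or after whitespace.
TOKEN = re.compile(r"(?:^|(?<=\s))cs(\d+)(Label)?=")
# The samples spell this key two ways; normalise to one (choice made by this example).
ALIASES = {"File Modifiled At": "File Modified At"}

def parse_fixed_key(line):
    """Return (fields, index): values keyed by label, and label -> csN number."""
    _, sep, body = line.partition("CEF:")
    parts = body.strip().split("|", 8)   # 7 CEF header fields, EventId, extension
    if not sep or len(parts) != 9:
        raise ValueError("not a fixed-key CEF message in the layout shown above")
    code, event_id, ext = parts[4], parts[7], parts[8]
    labels, values = {}, {}
    hits = list(TOKEN.finditer(ext))
    for i, m in enumerate(hits):
        # A value runs up to the next csN token, so it may contain spaces or be empty.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        target = labels if m.group(2) else values
        target[int(m.group(1))] = ext[m.end():end].strip()
    fields = {"Code": code, "EventId": event_id.partition("=")[2]}
    index = {}
    for n, label in labels.items():
        label = ALIASES.get(label, label)
        fields[label] = values.get(n, "")
        index[label] = n
    return fields, index

# Constructed inputs: abridged copies of two fixed-key samples from this page.
HEADER = "CEF: 1|Virsec Security Platform|Virsec|1.4.0|42|File Integrity|8|"
NEW_FILE = ("Sep  7 09:01:08 int.cms.virsec.com " + HEADER
            + "EventId=VS-FINT-090720-T00011|cs1Label=Application_Name "
            "cs1=webgoat_and_Nginx 1.0 cs9Label=File Modifiled At "
            "cs9=2020-09- 7T09:01:06.448-04:00 cs10Label=ACL cs10=-rw-r--r-- "
            "cs13Label=Checksum cs13=d41d8cd98f00b204e9800998ecf8427e "
            "cs14Label=Old File Name cs14= cs18Label=Alert Type cs18=NEW_FILE")
RENAMED = ("Sep 25 01:52:38 int.cms.virsec.com " + HEADER
           + "EventId=VS-FINT-092520-T00005|cs1Label=Application_Name "
           "cs1=tomcat-7 tomcat7 cs9Label=ACL cs9=-rw------- cs12Label=Checksum "
           "cs12=a596c20ce7a2873925307a29724539c5 cs13Label=Old File Name "
           "cs13=abcd1 cs17Label=Alert Type cs17=FILE_RENAMED "
           "cs21Label=File Modified At cs21=2020-09-25T01:01:54.680-04:00")

if __name__ == "__main__":
    for sample in (NEW_FILE, RENAMED):
        fields, index = parse_fixed_key(sample)
        print(fields["Alert Type"], "Checksum is cs%d" % index["Checksum"], fields)
```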

 

 
