<< PREVIOUS               NEXT >>

 

FILE INTEGRITY FAILURES

 

PROCESS MONITORING

  1. Code: 40

  2. Brief Description: Process Monitoring

  3. Provided Information:

    1. Event ID

    2. Server Name – Name of the Application Instance

    3. Incident Level – Attack or Threat

    4. Incident Category

    5. Incident Type – Process Monitoring

    6. Incident Timestamp

    7. Parent Process Name

    8. Username

    9. Start Time (Timestamp)

    10. Process Pid

    11. Parent Process Start time (Timestamp)

    12. Checksum

    13. Action

    14. Process Path

    15. Process Name

    16. Parameters

    17. Event Type

    18. Parent Pid

    19. Number of Libraries

    20. Event Time

  4. Sample log message:

    1. CEF format

       

      Jul  7 03:41:19 10.16.6.4 CEF: 1|Virsec Security Platform|Virsec|1.3.0|40|Process Monitoring|10|EventId=VS-PRCM-070720-A00268|Server_Name=win_webgoat_10 Incident_Level=ATTACK Incident_Category=FILE_INTEGRITY Incident_Type=Process Monitoring Incident_Timestamp=07 Jul 2020 07:42:24 AM UTC Parent Process Name= Username=administrator Start Time=2020-07-07 07:41:27.557 Process Pid=6028 Parent Process Creation Time= Checksum=ec5988f93e413b76676f2743e85cd952 Action=Monitor Process Path=c:/users/administrator/desktop/procexp64.exe Process Name=procexp64.exe Parameters=C:/Users/Administrator/Desktop/procexp64.exe  Event Type=New Process Parent Pid=3972 Number of Libraries=0 description=Process Monitoring category=File Integrity eventTime=2020-07-07 07:41:27.557

    2. CEF - Fixed Key Definition format

       

      Sep  7 09:37:19 10.16.5.83 CEF: 1|Virsec Security Platform|Virsec|1.4.0|40|Process Monitoring|10|EventId=VS-PRCM-090720-A56139|cs1Label=Server_Name cs1=rhel-123 cs2Label=Incident_Level cs2=ATTACK cs3Label=Incident_Category cs3=FILE_INTEGRITY cs4Label=Incident_Type cs4=Process Monitoring cs5Label=Incident_Timestamp cs5=07 Sep 2020 01:38:13 PM UTC cs6Label=Parent Process Name cs6=bash cs7Label=Username cs7=root cs8Label=Start Time cs8=2020-09- 7T13:38:13.67-04:00 cs9Label=Process Pid cs9=30458 cs10Label=Parent Process Creation Time cs10=2020-09- 7T13:37:38.503-04:00 cs11Label=Checksum cs11=079f7b9b16717eaf33401259bf3709e6 cs12Label=Action cs12=Monitor cs13Label=Process Path cs13=/home/virsec/wget cs14Label=Process Name cs14=wget cs15Label=Process Profile Name cs15=Profile_123 cs16Label=Incident Type cs16=NewProcess cs17Label=Parameters cs17=/home/virsec/wget  cs18Label=processObjectId cs18=5f5637c597a70017b8e09258 cs19Label=Event Type cs19=New Process cs20Label=Parent Pid cs20=30432 cs21Label=Number of Libraries cs21=0 cs22Label=description cs22=Process Monitoring cs23Label=category cs23=File Integrity cs24Label=eventTime cs24=2020-09- 7T13:38:13.67-04:00

 

 

<< PREVIOUS   NEXT >>