Reading Gravity Zone Syslog
I am writing a Python program to read Gravity Zone syslogs and wondering about the log structure. I understand that Gravity Zone can produce different events (Malware detection events, phishing/fraud events, etc.)
I am trying to understand if those events have some sort of header that identifies the event type or are these events placed into different logs?
For example, here is a log snippet (from the Gravity Zone manual), but other than reading the raw JSON, how does someone know that this is a malware event? Is there a header? Is there a "type_of_event" field somewhere? Reading the raw JSON to see if the word "malware" appears as a field seems sub-optimal, so just wondering if I am missing something?
Here is the sample JSON - yes, I can kind of figure out that this is a malware event due to the malware_type field, but I would rather say "If event_type = 'malware_event'" - but I don't see anywhere in the syslog samples where that is possible.
If anyone has a tool they are using to read these logs, would love to hear your approach...thank you in advance.
Mar 15 23:04:56 gz gravityzone: [av] {"computer_name":"DEMO-W7-11","computer_ip":"192.168.5.137","computer_id":"532806300678598e738b4571","product_installed":"EPS","malware_type":"file","malware_name":"BAT.Trojan.FormatC.Z","file_path":"C:\\Users\\username\\Desktop\\New Text Document.txt","final_status":"quarantined","timestamp":"2015-03-15T21:04:49.000Z","module":"av"}
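One way to read these lines, as an added example that is not from the original post, the Gravity Zone manual, or Bitdefender: the sample line carries the module name twice, once as the `[av]` tag between the program name and the JSON, and once as the `"module":"av"` field inside the JSON. A parser can split the syslog envelope from the JSON body and dispatch on that discriminator instead of probing for `malware_*` keys. The first sample line below is the manual's line as quoted in the post (with extraction line breaks removed); the `xyz` line and the truncated line are constructed to exercise the fallback and error paths, and `xyz` is a made-up module name, not a real Gravity Zone module.

```python
import json
import re
from typing import Callable, Dict, Optional

# Constructed sample input (not captured from a live system): the line quoted
# in the post from the GravityZone manual, with extraction line breaks removed.
SAMPLE_AV = (
    'Mar 15 23:04:56 gz gravityzone: [av] {"computer_name":"DEMO-W7-11",'
    '"computer_ip":"192.168.5.137","computer_id":"532806300678598e738b4571",'
    '"product_installed":"EPS","malware_type":"file",'
    '"malware_name":"BAT.Trojan.FormatC.Z",'
    '"file_path":"C:\\\\Users\\\\username\\\\Desktop\\\\New Text Document.txt",'
    '"final_status":"quarantined","timestamp":"2015-03-15T21:04:49.000Z","module":"av"}'
)

# Constructed line with a made-up module name, only to exercise the fallback
# path; "xyz" is not a real GravityZone module.
SAMPLE_UNKNOWN = (
    'Mar 15 23:05:01 gz gravityzone: [xyz] {"computer_name":"DEMO-W7-11",'
    '"timestamp":"2015-03-15T21:05:00.000Z","module":"xyz"}'
)

# Constructed malformed line (truncated JSON) to show the parser rejecting it.
SAMPLE_BROKEN = 'Mar 15 23:05:02 gz gravityzone: [av] {"computer_name":"DEMO-W7-11",'

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "  # BSD syslog timestamp
    r"(?P<host>\S+) "                                      # relay/host name
    r"(?P<app>[^:\s]+): "                                  # program name (gravityzone)
    r"\[(?P<tag>[^\]]*)\] "                                # module tag in brackets
    r"(?P<payload>\{.*\})\s*$"                             # JSON body
)


def parse_line(line: str) -> Optional[Dict]:
    """Split one syslog line into its envelope and decoded JSON event.
    Returns None for lines that do not match the layout or carry bad JSON."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    try:
        event = json.loads(m.group("payload"))
    except json.JSONDecodeError:
        return None
    return {
        "host": m.group("host"),
        "tag": m.group("tag"),
        "module": event.get("module"),
        "event": event,
    }


def event_type(parsed: Dict) -> str:
    """The "module" field inside the JSON is the event-type discriminator;
    the bracket tag in the envelope is used only when the field is absent."""
    if parsed["module"] and parsed["module"] != parsed["tag"]:
        # Envelope and body disagree: flag it rather than trusting either side.
        return "mismatch"
    return parsed["module"] or parsed["tag"]


def handle_av(event: Dict) -> Dict:
    """Summarise an antimalware ("av") event using the fields from the sample."""
    return {
        "kind": "malware",
        "host": event.get("computer_name"),
        "name": event.get("malware_name"),
        "path": event.get("file_path"),
        "status": event.get("final_status"),
    }


# Dispatch table keyed on the module discriminator. Only "av" is taken from the
# sample on this page; add further modules as you observe them in your own feed.
HANDLERS: Dict[str, Callable[[Dict], Dict]] = {"av": handle_av}


def process(line: str) -> Dict:
    """Parse, classify and dispatch one line; never raises on bad input."""
    parsed = parse_line(line)
    if parsed is None:
        return {"kind": "unparseable", "raw": line}
    kind = event_type(parsed)
    handler = HANDLERS.get(kind)
    if handler is None:
        return {"kind": "unknown", "module": kind, "event": parsed["event"]}
    return handler(parsed["event"])


if __name__ == "__main__":
    for sample in (SAMPLE_AV, SAMPLE_UNKNOWN, SAMPLE_BROKEN):
        print(process(sample))
```

Unknown modules are kept rather than dropped, so a new event type shows up as `kind: unknown` with its payload intact instead of silently disappearing; check what module names your own feed actually emits before extending `HANDLERS`.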
Answers
Hi Member,
Support for business products on the forum is very limited. Kindly drop an email to Bitdefender support at [email protected] regarding your query. They will reply back asap.
Regards
Flex
(Bitdefender beta tester 2019/ 2020)