https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415613#M823 <P>In short, via Syslog then it will not be possible to obtain Miter ID information?</P> Mon, 28 Jun 2021 14:08:13 GMT rodrigoduarte 2021-06-28T14:08:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415332#M817 <P>Hello new friends.</P><P>I have a receiver receiving events via Syslog in CEF format, but I can't include the Miter ID field.</P><P>Any suggestion ?</P> Sat, 26 Jun 2021 04:05:51 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415332#M817 rodrigoduarte 2021-06-26T04:05:51Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415410#M820 <P>Hi Rodrigoduarte,</P><P>&nbsp;</P><P>Are you saying that you cant create this filter? then select the syslog server you set-up?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jcandelaria_0-1624764857262.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/34604i1C44F7DC1FF797AD/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="jcandelaria_0-1624764857262.png" alt="jcandelaria_0-1624764857262.png" /></span></P><P>&nbsp;</P> Sun, 27 Jun 2021 03:34:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415410#M820 jcandelaria 2021-06-27T03:34:32Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415467#M821 <P>Could you give me a basic procedure to apply this filter via Syslog? I'm not the tool administrator, I work with SIEM.<BR />The Cortex administrator said that it was not possible to forward the Miter ID field and I am 80% sure it is possible.</P> Sun, 27 Jun 2021 18:59:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415467#M821 rodrigoduarte 2021-06-27T18:59:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415608#M822 <P>Hi&nbsp;<SPAN>Rodrigoduarte,<BR /><BR />Its not possible to configure XDR syslog forwarding fields. Scope of Alerts, syslog server and log type (Alerts, Agent Audit logs, Management Audit logs) are just configurable.&nbsp;<BR />Below URL is about to XDR log formats&nbsp;that the Cortex Data Lake app can forward logs to external syslog server or email.<BR /><BR /><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/logs/cortex-xdr-log-notification-formats/agent-logs-format-syslog-export-logging-service" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/logs/cortex-xdr-log-notification-formats/agent-logs-format-syslog-export-logging-service</A><BR /></SPAN></P> Mon, 28 Jun 2021 14:02:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415608#M822 etugriceri 2021-06-28T14:02:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415613#M823 <P>In short, via Syslog then it will not be possible to obtain Miter ID information?</P> Mon, 28 Jun 2021 14:08:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415613#M823 rodrigoduarte 2021-06-28T14:08:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415629#M824 <P>thats correct. There is no field which is related with MITRE in syslog payload but still you can get that information via Email alert or via API.&nbsp;</P><P>&nbsp;</P><P>related fields in email =&nbsp;mitre_tactic_ids,&nbsp;mitre_technique_ids,&nbsp;mitre_tactic_id_and_name<BR />for the API =mitre_tactics_ids_and_names, mitre_techniques_ids_and_names</P><P>&nbsp;</P><P>for the api details, you can check below.&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/get-extra-incident-data.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/get-extra-incident-data.html</A></P> Mon, 28 Jun 2021 15:20:29 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415629#M824 etugriceri 2021-06-28T15:20:29Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415744#M827 <P>Hi Rodrigoduarte</P><P>Yes, if you are looking for the mitre id inside the syslog alert itself, its not included as specified by link posted by Etugriceri</P><P>Feature request can be requested on this.</P> Mon, 28 Jun 2021 21:25:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/forward-the-miter-id-field-by-syslog-in-cef-format-is-it/m-p/415744#M827 jcandelaria 2021-06-28T21:25:32Z