I currently use the ESET Remote Administrator.
However, I can not divide log fields with sourcetype.
Please tell me the precise sourcetype setting when importing ESET logs.
2018-08-28T10:59:14+09:00 eset.user.info {"message":"1 2018-08-28T01:59:14.307Z iptpeset01 ERAServer 5360 - - {\"event_type\":\"Audit_Event\",\"ipv4\":\"172.18.1.30\",\"hostname\":\"eset01\",\"source_uuid\":\"014b605e-aede-40a3-b15e-c2bc1b3509a5\",\"occured\":\"28-Aug-2018 01:59:14\",\"severity\":\"Information\",\"domain\":\"Native user\",\"action\":\"Logout\",\"target\":\"Administrator\",\"detail\":\"Logging out native user 'Administrator'.\",\"user\":\"00000000-0000-0000-7002-000000000002\",\"result\":\"Success\"}"}
2018-08-28T11:34:16+09:00 eset.user.warn {"message":"1 2018-08-28T02:34:16.220Z iptpeset01 ERAServer 5360 - - {\"event_type\":\"Threat_Event\",\"ipv4\":\"172.17.18.249\",\"hostname\":\"local\",\"source_uuid\":\"e2b5397c-c61b-43e0-9ae6-f53acf0cae7b\",\"occured\":\"28-Aug-2018 02:33:47\",\"severity\":\"Warning\",\"threat_type\":\"test file\",\"threat_name\":\"Eicar\",\"scanner_id\":\"HTTP filter\",\"scan_id\":\"virlog.dat\",\"engine_version\":\"17954 (20180827)\",\"object_type\":\"file\",\"object_uri\":\"http://www.eicar.org/download/eicar.com.txt\",\"action_taken\":\"connection terminated\",\"threat_handled\":true,\"need_restart\":false,\"username\":\"yamada\",\"processname\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe\",\"circumstances\":\"Threat was detected upon access to web.\",\"hash\":\"3395856CE81F2B7382DEE72602F798B642F14140\"}"}
... View more