Stormshield

Stormshield provides high-performance network security. Logpoint aggregates and normalizes logs related to web, data, threats, system, hardware, applications and interface events from Stormshield systems so you can analyze the information through dashboards and security reports.

Release Details

Version:5.3.0

Release date: May 02, 2024

Supported On: Logpoint v7.4.0 or later for log source template

Documentation: Stormshield Guide

SHA 256: 47d5ad012e3d6af159c683f2a4c53d8568024c22b1852760649c4324fed04fe9

Download

Enhancement

Description	Issue ID	Reference ID
Added Syslog Collector based Stormshield log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template.	KB-22700	-

Past Releases

Stromshield v5.2.0

Release Date: December 13, 2022

Supported On: Logpoint v6.7.0 or later

Download: Stormshield_5.2.0.pak

SHA256: fc1eba6eea34bae4d2a27e42a48aac405c254af7ae4313dad4058ca05ac10d3c

Enhancements

Description	Issue ID	Reference ID
Created a new compiled normalizer StormShiedlEndpointSecurityCompiledNormalizer, which supports the StormshieldEndpointSecurity logs.	KB-17358	67338

The following fields are updated and mapped to Logpoint taxonomy to maintain consistency:

Previously Used Field Name	Modified Field Name	Issue ID	Zendesk Support ID
User	user_sid	KB-17358	67338
UserNameLookup	user
State	state_value
StateName	state
Attributes	attribute
Details_Attributes	detail_attribute
LocalRadioDeviceInfo_DeviceName	local_device
LocalRadioDeviceInfo_MajorDeviceClass	local_major_device_class
LocalRadioDeviceInfo_MajorServiceClass	local_major_service_class
LocalRadioDeviceInfo_MinorDeviceClass_Major	local_minor_device_class_major
LocalRadioDeviceInfo_MinorDeviceClass_Minor	local_minor_device_class
ConnectedDeviceInfo_DeviceName	connect_device
ConnectedDeviceInfo_MajorDeviceClass	connect_major_device_class
ConnectedDeviceInfo_MajorServiceClass	connect_major_service_class
ConnectedDeviceInfo_MinorDeviceClass_Major	connect_minor_device_class_major
ConnectedDeviceInfo_MinorDeviceClass_Minor	connect_minor_device_class
LocalRadioDeviceInfo_MinorDeviceClass_Major	local_minor_device_class_major
IPInterface	interface_address
SpoofedMacAddress	spoofed_hardware_address

Stormshield v5.1.0

Enhancements

Description

Issue ID

Reference ID

Stromshiled now includes:

The dashboard packages listed in the Package Details section provide visualization for Stormshield Network Security (SNS) events related to applications, data, hardware, interfaces, systems, threats, and the web.
The search template LP_Stormshield Network Security Monitor provides an overview of the Stormshield Network Security(SNS) events.
The compiled normalizer StormshieldManagerCompiledNormalizer, which supports the Stormshield Manager logs.

KB-12892, KB-13384, KB-9360

42325

The following fields are updated and mapped to the LogPoint taxonomy to maintain consistency:

Previously Used Field Name	Modified Field Name	Issue ID	Reference Support ID
src	source	KB-12892	42325
dstname	destination_host
dstcountry	destination_country
cat_site	category

Stormshield v5.0.1

Enhancement

A minor update has been made in the Stormshield's normalizer for better signature handling.

Stormshield v3.2.0

Release Date: May 14, 2020

Download: Stormshield_3.2.0.pak

SHA256: 9642ac6e844502b63c8bd05f5084ea996d30cdcbc408b3c6cacb2bba765faa18

Enhancement

A minor update has been made in the Stormshield's normalizer for better signature handling.

Support

If you have any questions or require assistance, create a support ticket.

Stormshield

Enhancement

Past Releases

Stromshield v5.2.0

Enhancements

Stormshield v5.1.0

Enhancements

Stormshield v5.0.1

Enhancement

Stormshield v3.2.0

Enhancement

Support

Comments

Related articles