
Microsoft DHCP Integration Guide


This guide provides configuration instructions for Microsoft Dynamic Host Configuration Protocol (DHCP) logging in order to transmit the logs for security monitoring by other agents. Supported agents can be found at Connect Microsoft Windows Event Log.

The Secureworks® Taegis™ XDR On-Premises Data Collector accepts DHCP logs in a comma-delimited format.

Connectivity Requirements

Source | Destination | Port/Protocol
Windows Server | Taegis™ XDR Collector (mgmt IP) | UDP/514

Data Provided from Integration

Integration | Auth | DHCP | DNS | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty
Microsoft DHCP | | Y | | | | | | | |

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Logging Configuration Instructions

Windows servers must be configured to send DHCP logs via syslog to the XDR Collector.

Please refer to the vendor’s site for configuration guidance.

Important

The data source must be configured to report timestamps as UTC to ensure that XDR reports the correct time zone.

Note

NXLog CE does not support converting timestamps to UTC. If UTC conversion is required, use a different product such as NXLog Enterprise Edition.

An example of logging instructions:

Note

If using the NXLog Template for DHCP logging, ensure the DHCP Logs File path listed in the template matches the Audit log file path configuration setting on the server.

Sample Logs

January  1 2021 01:01:01 10.10.10.10 DHCPLog: 10,01/01/01,01:01:01,Assign,192.0.2.10,sampleHost1,000000000000,,17739,0,,,

January  1 2021 01:01:01 10.10.10.10 DHCPLog: 10,01/01/01,01:01:01,Assign,192.0.2.20,sampleHost2, 000000000000,,3096562285,0,,,,0x4D53465420352E30,MSFT 5.0,,,,0
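
The following is an added example, not part of the original guide or of any Secureworks or Microsoft tooling: a small Python check that splits forwarded lines in the comma-delimited format shown above and rejects malformed ones before they are relied on for monitoring. The column names are an assumption taken from the header Windows DHCP Server writes in its audit log files, and `parse_dhcp_line` is a hypothetical helper name.

```python
import ipaddress

# Column names as written in the header of Windows DHCP Server audit log
# files (assumption: they are not listed on this page). The first sample
# carries only the first 13 columns; the second carries all 19.
COLUMNS = ["id", "date", "time", "description", "ip_address", "host_name",
           "mac_address", "user_name", "transaction_id", "q_result",
           "probation_time", "correlation_id", "dhcid", "vendor_class_hex",
           "vendor_class_ascii", "user_class_hex", "user_class_ascii",
           "relay_agent_information", "dns_reg_error"]
TAG = "DHCPLog: "

# Input: the two sample lines from this page, embedded so the check runs offline.
SAMPLES = [
    "January  1 2021 01:01:01 10.10.10.10 DHCPLog: 10,01/01/01,01:01:01,Assign,192.0.2.10,sampleHost1,000000000000,,17739,0,,,",
    "January  1 2021 01:01:01 10.10.10.10 DHCPLog: 10,01/01/01,01:01:01,Assign,192.0.2.20,sampleHost2, 000000000000,,3096562285,0,,,,0x4D53465420352E30,MSFT 5.0,,,,0",
]

def parse_dhcp_line(line):
    """Split one forwarded line into named fields; raise ValueError if malformed."""
    header, sep, payload = line.partition(TAG)
    if not sep:
        raise ValueError("missing 'DHCPLog: ' tag")
    fields = [f.strip() for f in payload.split(",")]  # strip stray padding, e.g. before the MAC
    if len(fields) not in (13, len(COLUMNS)):
        raise ValueError(f"unexpected field count {len(fields)}")
    rec = dict(zip(COLUMNS, fields))
    parts = header.split()
    rec["source"] = parts[-1] if parts else ""   # sender address from the syslog prefix
    rec["id"] = int(rec["id"])                   # event ID must be numeric
    if rec["ip_address"]:                        # some events carry no address
        ipaddress.ip_address(rec["ip_address"])  # raises ValueError on junk
    mac = rec["mac_address"]
    if mac and (len(mac) != 12 or any(c not in "0123456789abcdefABCDEF" for c in mac)):
        raise ValueError(f"bad MAC {mac!r}")
    # When the vendor class is present, its hex and ASCII columns must agree.
    vhex = rec.get("vendor_class_hex", "")
    if vhex:
        digits = vhex[2:] if vhex.lower().startswith("0x") else vhex
        if bytes.fromhex(digits).decode("ascii", "replace") != rec["vendor_class_ascii"]:
            raise ValueError("vendor class hex/ASCII mismatch")
    return rec

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_dhcp_line(s)
        print(r["source"], r["id"], r["description"], r["ip_address"], r["host_name"], r["mac_address"])
```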
