Team Viewer Outgoing Connection Ingestion

Question

There is a prebuilt parser in SecOps SIEM. This particular parser is made for Team Viewer audit events. Is there anyone who have managed to build their own parser where it is used for Team Viewer Outgoing Connection?

Please be informed audit events for Team Viewer are only applicable for events from:
https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-tensor-classic/security/auditability-event-log/

The ones which i require help on the parsing is for Outgoing Connection:

https://www.teamviewer.com/en/global/support/knowledge-base/teamviewer-classic/remote-control/out-of-session-features/connection-reports/

Much appreciated for any guidance.

Thank you.

Page 1 / 1

You will need to build a custom parser for TeamViewer outgoing connection reports in Google SecOps. The prebuilt parser is designed specifically for TeamViewer audit events from the Tensor platform, which are different from the connection reports you're looking to ingest.

Take a look here for how to get started:
Manage prebuilt and custom parsers

Reply

kentphelps · Answer

You will need tobuild a custom parser for TeamViewer outgoing connection reports in Google SecOps. The prebuilt parser is designed specifically for TeamViewer audit events from the Tensor platform, which are different from the connection reports you're looking to ingest.Take a look here for how to get started:Manage prebuilt and custom parsers

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded