
Microsoft DHCP

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.

This pack includes Cortex XSIAM content.

Configuration on Server Side

  1. Start the DHCP administration tool (go to Start → Programs → Administrative Tools, and click DHCP).
  2. Right-click the DHCP server, and select Properties from the context menu.
  3. Select the General tab.
  4. Select the Enable DHCP audit logging checkbox.
  5. Click OK.

Note:
Time parsing is supported only when the fields below use the following formats:

  • date - MM/dd/yy (01/10/21)
  • time - hh:mm:ss (10:00:00)
  • timezone - +|-nn:nn (+03:00)
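The following pre-ingestion check is an added example, not part of the content pack: it flags audit-log rows whose date, time or timezone would fall outside the formats listed above. The function names, the sample rows, the comma-separated `ID,Date,Time,...` row layout, the separately supplied timezone string and the 24-hour reading of `hh` are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Formats taken from the note above: MM/dd/yy, hh:mm:ss, +|-nn:nn.
DATE_RE = re.compile(r"\d{2}/\d{2}/\d{2}")
TIME_RE = re.compile(r"\d{2}:\d{2}:\d{2}")
TZ_RE = re.compile(r"([+-])(\d{2}):(\d{2})")

def parse_event_time(date_s, time_s, tz_s):
    """Return a timezone-aware datetime, or None if a field is unsupported."""
    tz = TZ_RE.fullmatch(tz_s)
    if not (DATE_RE.fullmatch(date_s) and TIME_RE.fullmatch(time_s) and tz):
        return None
    try:
        # Assumption: the time field is written on a 24-hour clock.
        naive = datetime.strptime(f"{date_s} {time_s}", "%m/%d/%y %H:%M:%S")
        offset = timedelta(hours=int(tz.group(2)), minutes=int(tz.group(3)))
        if tz.group(1) == "-":
            offset = -offset
        return naive.replace(tzinfo=timezone(offset))
    except ValueError:
        return None  # right shape, impossible value (month 13, offset +99:00)

def audit_lines(lines, tz_s):
    """Return (line_number, line) for event rows whose time would not parse."""
    bad = []
    for n, line in enumerate(lines, 1):
        fields = [f.strip() for f in line.split(",")]
        # Assumption: event rows start with a numeric ID; others are headers.
        if len(fields) < 3 or not fields[0].isdigit():
            continue
        if parse_event_time(fields[1], fields[2], tz_s) is None:
            bad.append((n, line))
    return bad

# Constructed sample rows (not real log data).
SAMPLE = [
    "ID,Date,Time,Description,IP Address,Host Name,MAC Address",
    "10,01/10/21,10:00:00,Assign,192.0.2.15,host1.example.test,0A0B0C0D0E0F",
    "11,10.01.2021,10:00:05,Renew,192.0.2.15,host1.example.test,0A0B0C0D0E0F",
    "12,1/10/21,10:00:09,Release,192.0.2.15,host1.example.test,0A0B0C0D0E0F",
]

if __name__ == "__main__":
    for n, line in audit_lines(SAMPLE, "+03:00"):
        print(f"line {n}: unsupported date/time format: {line}")
```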

Collect Events from Vendor

In order to use the collector, use the XDRC (XDR Collector) option.

XDRC (XDR Collector)

To create or configure the Filebeat collector, use the information described here and here.

You can configure the vendor and product by replacing [vendor]_[product]_raw with microsoft_dhcp_raw.

Because Cortex XSIAM provides a YAML template for DHCP, you can use the following steps to create a collection profile:

  1. In XSIAM, select Settings → Configurations → XDR Collectors → Profiles → +Add Profile → Windows.

  2. Select Filebeat profile or Winlogbeat profile, then click Next.

  3. Configure the General Information parameters:

     • Profile Name — Specify a unique Profile Name to identify the profile. The name can contain only letters, numbers, or spaces, and must be no more than 30 characters. The name you choose will be visible from the list of profiles when you configure a policy.

     • Add description here — (Optional) To provide additional context for the purpose or business reason that explains why you are creating the profile, specify a profile description.

  4. Configure the settings for the profile selected in Step 2: to add the "DHCP" template, select it and click Add.

PUBLISHER

Cortex

PLATFORMS

Cortex XSIAM

INFO

Supported By: Cortex
Created: February 21, 2023
Last Release: November 2, 2023
