The SWIFT Network Pilot use cases were built around generated Syslog events.
FINSEC therefore developed probe software that detects syslog messages and converts them to FINSTIX format before sending them to the Data Collector.
The events that can currently be identified are the “Invalid Signon Attempt” and the “Login outside working hours”.
The assets involved in the identified SWIFT service were also provided in FINSTIX form by the Syslog Probe and through the Data Collector.
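The detection-and-conversion step described above can be sketched in JavaScript as follows. This is an added example, not the FINSEC probe's code: the syslog message wording, the host and application names, the working hours and the output field names are all assumptions, and the output object is a stand-in rather than the actual FINSTIX schema.

```javascript
// Assumed working hours, in the same local time as the syslog timestamps.
const WORK_START = 8, WORK_END = 18;

// RFC 3164-style line: "<PRI>Mmm dd hh:mm:ss host app: message"
const SYSLOG_RE =
  /^<(\d{1,3})>([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) ([^:\s]+): (.*)$/;

// Parse one line; returns null for anything that is not well-formed syslog.
function parseSyslog(line) {
  const m = SYSLOG_RE.exec(line);
  if (!m) return null;
  const pri = Number(m[1]);
  if (pri > 191) return null; // PRI = facility * 8 + severity, max 23 * 8 + 7
  return { facility: pri >> 3, severity: pri & 7, hour: Number(m[4]),
           host: m[7], app: m[8], message: m[9] };
}

// Map a parsed record to one of the two events the probe identifies.
// The message patterns are hypothetical, not real SWIFT log wording.
function classify(rec) {
  if (/invalid signon attempt/i.test(rec.message)) return "invalid-signon-attempt";
  const offHours = rec.hour < WORK_START || rec.hour >= WORK_END;
  if (/signon successful/i.test(rec.message) && offHours) return "login-outside-working-hours";
  return null;
}

// Build the object that would be forwarded to the collector.
// Field names are illustrative placeholders, not FINSTIX properties.
function toEvent(line) {
  const rec = parseSyslog(line);
  const event = rec && classify(rec);
  if (!event) return null;
  return { type: "x-example-event", event, asset: rec.host,
           source: rec.app, severity: rec.severity, raw: line };
}

const probe = (lines) => lines.map(toEvent).filter(Boolean);

// Constructed sample input.
const SAMPLE = [
  "<36>Mar  4 10:15:02 swift-host01 swiftapp: Invalid signon attempt for operator jdoe",
  "<38>Mar  4 23:41:10 swift-host01 swiftapp: Signon successful for operator jdoe",
  "<38>Mar  4 09:05:44 swift-host01 swiftapp: Signon successful for operator asmith",
  "not a syslog line",
];
console.log(JSON.stringify(probe(SAMPLE), null, 2));
```

A successful signon inside the assumed working hours and the malformed line both produce no event, so only two objects are forwarded.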
The Syslog Probe for FINSEC was developed on top of an open-source tool, Node-RED. The figure below presents the high-level architecture of the Syslog Probe.