...

Technology

Data table name

Akamai

cef0.akamai.akamai_siem +info

Amazon Web Services

cef0.amazon.* +info

AnubisNetworks Cyberfeed

  • cef0.anubisnetworks.cyberfeed

  • cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence

Akamai Logger

cef0.arcsight.logger +info

AWN CyberSOC

  • cef0.cybersoc.incapsula

  • cef0.cybersoc.servicedesk

AWS VPC Flow Log

cef0.aws.vpcFlow +info

Barracuda Web Application Firewall

cef0.barracuda.waf +info

Barracuda Networks

cef0.barracudanetworks +info

Blue Coat Systems

cef0.bluecoat +info

Carbon Black Protection

cef1.carbonBlack.protection +info

Check Point

  • cef0.checkPoint.antiMalware +info

  • cef0.checkPoint.applicationControlAndUrlFiltering +info

  • cef0.checkPoint.compliance +info

  • cef0.checkPoint.contentAwareness +info

  • cef0.checkPoint.endpointManagement +info

  • cef0.checkPoint.fde +info

  • cef0.checkPoint.firewall +info

  • cef0.checkPoint.mepp +info

  • cef0.checkPoint.newAntiVirus +info

  • cef0.checkPoint.scheduledSystemUpdate +info

  • cef0.checkPoint.threatEmulation +info

  • cef0.checkPoint.threatExtraction +info

  • cef0.checkPoint.vpn1Firewall1AndContentAwareness +info

  • cef0.checkPoint.web_api +info

  • cef0.checkPoint.zeroPhishing +info

Check Point Application Control

cef0.checkPoint.applicationControl +info

Check Point dshield agent log

cef0.checkPoint.stormagent

Check Point Firewall

  • cef0.checkPoint.firewall1

  • cef0.checkPoint.fwm

Check Point Log Exporter

cef0.checkPoint.logUpdate (shown as cef0.check-point.log-update)

Check Point Security Compliance

  • cef0.checkPoint.complianceBlade

  • cef0.checkPoint.cpmiClient

Check Point Security Gateway

  • cef0.checkPoint.httpsInspection

  • cef0.checkPoint.logSystem

  • cef0.checkPoint.securityGatewayManagement

Check Point Security Management Appliances

cef0.checkPoint.securityManagementServer

Check Point SmartDashboard

cef0.checkPoint.smartdashboard

Check Point SmartDefense

cef0.checkPoint.smartdefense

Check Point SmartView

  • cef0.checkPoint.smartviewMonitor

  • cef0.checkPoint.smartviewTracker

  • cef0.checkPoint.system

  • cef0.checkPoint.systemMonitor

Check Point VPN Solutions

  • cef0.checkPoint.vpn1

  • cef0.checkPoint.vpn1EmbeddedConnector

  • cef0.checkPoint.vpn1Firewall1

  • cef0.checkPoint.vpn1Firewall1Smartdefense

Cisco ASA

cef0.cisco.asa

Cisco Email Security

cef0.cisco.ironport

Cisco FWSM

cef0.cisco.fwsm

Cisco Intrusion Detection System

cef0.cisco.ciscoIntrusionPreventionSystem

Cisco Meraki Access Point

cef0.cisco.merakiAccessPoint +info

Cisco NX-OS Software

cef0.cisco.nxOs

Cisco routers

cef0.cisco.ciscorouter

Cisco Secure Access Control System

cef0.cisco.ciscoSecureAcs

Cisco/Sourcefire FireSIGHT System Event Streamer (eStreamer)

cef0.sourcefire.sourcefireManagementConsoleEstreamer

Crowdstrike Falcon Host

cef0.crowdstrike.falconhost

CyberArk Enterprise Password Vault

cef0.cyberArk.vault

Cybereason

cef0.cybereason.* +info

F5 ASM

cef0.f5.asm +info

F5 BIG-IP Application Services

cef0.f5.bigIp

Fireeye Email Security

  • cef0.fireeye.emps

  • cef0.fireeye.mps

Forcepoint Data Loss Prevention

cef0.forcepoint.forcepointDlp

Forcepoint Firewall

cef0.forcepoint.firewall

Forcepoint Web Security

cef0.forcepoint.security +info

Forescout CounterACT

  • cef0.forescout.counteract

  • cef0.forescoutTechnologies.counteract +info

Fortinet FortiGate

  • cef0.fortinet.fortigate60e +info

  • cef0.fortinet.fortigate300d +info

  • cef0.fortinet.fortigate600e +info

  • cef0.fortinet.fortigate400e +info

  • cef0.fortinet.fortigate200e +info

IBM AS/400

cef0.ibm.as400

IBM Guardium

cef0.ibm.guardium +info

IBM Security

cef0.ibm.securityAccessManager +info

Imperva Attack Analytics

cef0.impervaInc.attackAnalytics +info

Imperva SecureSphere MX Management Server

cef0.impervaMx.securesphere

Infoblox Network Identity Operating System

cef0.infoblox.nios

Ipswitch Secure File Transfer Software

cef0.ipswitch.sftp

Juniper Junos OS

cef0.juniper.junos

Juniper NetScreen Security

cef0.juniper.netscreenVpn

Juniper Network & Security Manager

cef0.juniper.nsm

Juniper ScreenOS Firewall

cef0.netscreen.firewallVpn

Juniper SSL VPN

cef0.juniper.juniperSsl

Kaspersky

  • cef0.kaspersky.kaspersky +info

  • cef0.kasperskylab.securitycenter +info

  • cef0.kaspersky.securityCenter +info

  • cef0.kaspersky.securityCenterNetworkAgent +info

  • cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition +info

  • cef0.kaspersky.kasperskyEndpointSecurityForWindows +info

Lumension Endpoint Management and Security

cef0.lumension.lumension

Malwarebytes

cef0.malwarebytes.malwarebytes-endpoint-protection +info

McAfee ePolicy Orchestrator (McAfee ePO)

cef0.mcafee.epolicyOrchestrator

McAfee Host Intrusion Prevention

cef0.mcafee.hostIntrusionPrevention

McAfee Next Generation Firewall

cef0.mcafee.firewall

McAfee Secure Internet Gateway

cef0.mcafee.secureInternetGateway

Micro Focus ArcSight

  • cef0.arcsight.arcsight

  • cef0.arcsight.cpmiClient

  • cef0.arcsight.firewall

  • cef0.arcsight.firewall1

  • cef0.arcsight.logger

  • cef0.arcsight.panOs

  • cef0.arcsight.smartdashboard

  • cef0.arcsight.smartdefense

  • cef0.arcsight.smartviewTracker

  • cef0.arcsight.unityone

  • cef0.arcsight.vpn1Firewall1

Microsoft Cloud App Security

cef0.mcas.siemAgent +info

Microsoft DNS trace log

cef0.microsoft.dnsTraceLog

Microsoft Defender ATP (now Microsoft Defender for Endpoint)

cef0.microsoft.windowsDefenderAtp +info

Microsoft Exchange Server

cef0.microsoft.exchangeServer

Microsoft Forefront Protection

cef0.microsoft.forefrontProtection

Microsoft Forefront Threat Management Gateway
(formerly Microsoft ISA Server)

cef0.microsoft.isaServer

Microsoft IIS

cef0.microsoft.internetInformationServer

Microsoft Network Policy Server

cef0.microsoft.nps

Microsoft SQL Server

cef0.microsoft.sqlServer

Microsoft System Center Configuration Manager
(Forefront Endpoint Connection)

cef0.microsoft.sccm_fep

Microsoft system events

cef0.microsoft.systemOrApplicationEvent

Microsoft Windows

cef0.microsoft.microsoftWindows

Nagios Network Monitoring

cef0.nagios.nagios

Palo Alto Networks PAN-OS

  • cef0.paloAltoNetworks.cortexXdrAgent

  • cef0.paloAltoNetworks.panOs

  • cef0.paloAltoNetworks.lf

  • cef0.paloAltoNetworks.paloAltoNetworksCortexXsoar

Powertech SIEM Agent

cef0.powertech.siemAgent

Preempt Behavioral Firewall

cef0.preemptsecurity.pbf

Proofpoint Messaging Security Gateway

cef0.proofpoint.messagingSecurityGateway

Qualys

cef0.qualys.qualys

RSA Identity Management and Governance

cef0.rsa.identityManagementService

SAP - Security Audit Log

cef0.sap.securityAuditLog

Snort Intrusion Detection (Open source)

cef0.snort.snort

SonicWall

cef0.sonicwall +info

Sophos Anti-Virus

cef0.sophos.sophosAntiVirus

Sophos XG firewall

cef0.sophos.xg +info

Stonesoft Firewall

  • cef0.stonesoft.alert

  • cef0.stonesoft.firewall

  • cef0.stonesoft.ips

  • cef0.stonesoft.stonegate

Symantec

cef0.symantec.symantec

Symantec Data Loss Prevention

cef0.symantec.dlp

Symantec Email Security

cef0.symantec.mailSecurityAppliance

Symantec Endpoint Protection Mobile

cef0.symantec.symantecEndpointProtectionMobile

Symantec ProxySG
(formerly by Blue Coat Systems)

  • cef0.bluecoat.proxyAv

  • cef0.blueCoat.proxySg

  • cef0.blueCoat.proxySgNavegacion

Trend Micro Control Manager

  • cef0.trendMicro.controlManager

  • cef0.trendMicro.deepSecurityAgent

  • cef0.trendMicro.deepSecurityManager

Trend Micro Deep Discovery Analyzer

cef0.trendMicro.deepDiscoveryAnalyzer +info

Trend Micro TippingPoint Unity One IPS

cef0.trendMicro.deepDiscoveryDirector

To start sending data to Devo using this tag, you must configure some parameters. Go to Policies → Common Objects → Other → Syslog Configuration and enter the following data.

Server Name:

  • USA - us.elb.relay.logtrust.net

  • GCP (Spain) - es.elb.relay.logtrust.net

  • EU - eu.elb.relay.logtrust.net

If the customer has dedicated data nodes, it should use the endpoint provided by Devo.
Server Port - 443
Transport - TLS
Event format - CEF0
Private key - Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → Access Keys.
Certificate - Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates.
Chain - Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates.

Trend Micro XDR


cef0.trendmicro.xdr +info

Tripwire Enterprise

cef0.tripwire.enterprise

Unix Sendmail

cef0.unix.sendmail

VMware ESX

cef0.vmware.esx

Watchguards XTM 11.x.x.

cef0.watchguards.xtm330 +info

Websense (now part of Forcepoint)

cef0.websense.security

Zscaler

  • cef0.zscaler.nssweblog +info

  • cef0.zscaler.nssfwlog +info

...