...
Introduction
Tags beginning with authcdn.rsacloudfare identify events generated by RSA SecurID Cloudfare.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as auth cdn.rsacloudfare. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype | |
---|---|---|---|---|
authcdn | rsacloudfare |
|
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|---|
authcdn.rsacloudflare.secureidaudit.system | auth.rsa.secureid.system |
auth.rsa.secureid.runtime | auth.rsa.secureid.runtime |
auth.rsa.secureid.admin | auth.rsa.secureid.admin |
auth.rsa.secureid.trace | auth.rsa.secureid.trace |
events.<ENTITY_ID> | cdn.cloudflare.audit.events. |
Table structure
This is the set displayed by these tables.
...
Rw tab | ||
---|---|---|
|
...
cdn.cloudflare.audit.events
Field | Type | Extra Label |
---|---|---|
eventdate |
| - |
...
machine
...
str
...
-
...
server_date
...
timestamp
...
-
hostname |
| - |
...
category
...
str
...
-
...
ENTITY_ID |
| - |
...
action
id |
| - |
...
server_instance
...
str
...
-
...
client_ip
...
ip4
...
-
...
server_ip
...
ip4
...
-
action__info |
| - |
action |
...
str
...
-
...
result
...
str
...
-
...
reason
...
str
...
-
...
_ |
...
str
...
-
...
_type |
| - |
...
action_ |
...
_ |
...
result |
...
| - |
...
actor_ |
...
_ |
...
id |
| - |
...
actor_ |
...
_ |
...
| - |
...
actor_ |
...
_ |
...
type |
| - |
...
actor_ |
...
_ |
...
str
...
-
...
arg_1
...
str
...
-
...
arg_2
...
str
...
-
...
arg_3
...
str
...
-
...
arg_4
...
str
...
-
...
arg_5
...
str
...
-
...
arg_6
...
str
...
-
...
cause
...
str
...
-
...
hostchain
...
str
...
✓
...
tag
...
str
...
✓
...
rawMessage
...
str
...
-
...
Field
...
Type
...
Extra Label
...
eventdate
...
timestamp
...
-
...
machine
...
str
...
-
...
server_date
...
timestamp
...
-
...
hostname
...
str
...
-
...
category
...
str
...
-
...
log_level
...
str
...
-
...
event_id
...
str
...
-
...
server_instance
...
str
...
-
...
action
ip |
| - |
...
server_ip
...
ip4
...
-
newValue |
| - |
...
oldValue |
| - |
...
result
...
str
...
-
...
reason
...
str
...
-
...
session_id
...
str
...
-
owner__id |
| - |
...
resource_ |
...
_ |
...
id |
| - |
...
resource_ |
...
_ |
...
type |
| - |
...
interface |
| - |
...
metadata_ |
...
str
...
-
...
_zone_name |
| - |
...
agent_id
...
str
...
-
...
metadata__zone_tag |
| - |
...
agent_address
...
ip4
...
-
...
agent_name
...
str
...
-
metadata__type |
| - |
...
metadata_ |
...
_ |
...
str
...
-
...
name |
| - |
...
policy_id
...
str
...
-
...
metadata__value |
| - |
...
arg1
...
str
...
-
...
arg2
...
str
...
-
...
arg3
...
str
...
-
...
arg4
...
str
...
-
...
arg5
...
str
...
-
...
arg6
...
str
...
-
...
arg7
...
str
...
-
...
arg8
...
str
...
-
...
arg9
...
str
...
-
...
arg10
...
str
...
-
...
more_args
...
str
...
-
when |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
|
...
✓ |