Introduction

Tags beginning with authcdn.rsacloudfare identify events generated by RSA SecurID Cloudfare.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as authcdn.rsacloudfare. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

Technology

Brand

Type

Subtype

authcdn

rsacloudfare

  • secureidaudit

  • system

  • runtime

  • admin

  • trace

  • events

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table

authcdn.rsacloudflare.secureidaudit.system

auth.rsa.secureid.system

auth.rsa.secureid.runtime

auth.rsa.secureid.runtime

auth.rsa.secureid.admin

auth.rsa.secureid.admin

auth.rsa.secureid.trace

auth.rsa.secureid.trace

events.<ENTITY_ID>

cdn.cloudflare.audit.events

Table structure

This is the set of fields displayed by these tables.


cdn.cloudflare.audit.events

Field

Type

Extra Label

eventdate

timestamp

-

...

machine

...

str

...

-

...

server_date

...

timestamp

...

-

hostname

str

-

...

category

...

str

...

-

...

ENTITY_ID

str

-

...

action

id

str

-

...

server_instance

...

str

...

-

...

client_ip

...

ip4

...

-

...

server_ip

...

ip4

...

-

action__info

str

-

action

...

str

...

-

...

result

...

str

...

-

...

reason

...

str

...

-

...

_

...

str

...

-

...

_type

str

-

...

action_

...

_

...

result

...

bool

-

...

actor_

...

_

...

id

str

-

...

actor_

...

_

...

email

str

-

...

actor_

...

_

...

type

str

-

...

actor_

...

_

...

str

...

-

...

arg_1

...

str

...

-

...

arg_2

...

str

...

-

...

arg_3

...

str

...

-

...

arg_4

...

str

...

-

...

arg_5

...

str

...

-

...

arg_6

...

str

...

-

...

cause

...

str

...

-

...

hostchain

...

str

...

...

tag

...

str

...

...

rawMessage

...

str

...

-

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

machine

...

str

...

-

...

server_date

...

timestamp

...

-

...

hostname

...

str

...

-

...

category

...

str

...

-

...

log_level

...

str

...

-

...

event_id

...

str

...

-

...

server_instance

...

str

...

-

...

action

ip

ip4

-

...

server_ip

...

ip4

...

-

newValue

str

-

...

oldValue

str

-

...

result

...

str

...

-

...

reason

...

str

...

-

...

session_id

...

str

...

-

owner__id

str

-

...

resource_

...

_

...

id

str

-

...

resource_

...

_

...

type

str

-

...

interface

str

-

...

metadata_

...

str

...

-

...

_zone_name

str

-

...

agent_id

...

str

...

-

...

metadata__zone_tag

str

-

...

agent_address

...

ip4

...

-

...

agent_name

...

str

...

-

metadata__type

str

-

...

metadata_

...

_

...

str

...

-

...

name

str

-

...

policy_id

...

str

...

-

...

metadata__value

str

-

...

arg1

...

str

...

-

...

arg2

...

str

...

-

...

arg3

...

str

...

-

...

arg4

...

str

...

-

...

arg5

...

str

...

-

...

arg6

...

str

...

-

...

arg7

...

str

...

-

...

arg8

...

str

...

-

...

arg9

...

str

...

-

...

arg10

...

str

...

-

...

more_args

...

str

...

-

when

timestamp

-

hostchain

str

tag

str

rawMessage

str

...