Versions Compared

...

Introduction

Tags beginning with authcspm.rsahorangi identify events generated by RSA SecurID.

...

The full tag must have 4 levels. The first two are fixed as auth cspm.rsahorangi. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

Technology

Brand

Type

Subtype

authcspm

rsahorangi

  • secureid

  • system

  • runtime

  • admin

  • tracewarden

  • alerts

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag

Data table

authcspm.rsahorangi.secureidwarden.systemalertsauth

cspm.rsahorangi.secureid.system

auth.rsa.secureid.runtime

auth.rsa.secureid.runtime

auth.rsa.secureid.admin

auth.rsa.secureid.admin

auth.rsa.secureid.trace

auth.rsa.secureid.tracewarden.alerts

Table structure

This is the set displayed by these tables.

...

...

cspm.horangi.warden.alerts

Field

Type

Extra Label

eventdate

timestamp

-

...

hostname

str

-

...

alert__

...

id

...

str

-

...

alert__monitoring_groups

str

-

...

alert__severity

str

-

...

alert__

...

title

str

-

...

alert__

...

type

str

-

...

alert__warden_url

str

-

...

client_ip

...

cloud__account__id

str

-

...

server_ip

...

cloud__account__name

str

-

...

cloud__provider

str

-

...

cloud__

...

region

str

-

...

event__action

str

-

...

identity__id

str

-

...

session_id

identity__is_service

bool

-

...

identity__

...

name

str

-

...

identity_

...

_

...

type

str

-

...

identity_

...

_

...

user_

...

agent

str

-

...

identity__metadata_

...

_

...

etag

str

-

...

identity__metadata_

...

_name

str

-

...

identity__metadata_

...

_

...

email

str

-

...

arg_1

identity__metadata__horangi

json

-

...

identity__metadata__uniqueId

str

-

...

identity__metadata__projectId

str

-

...

identity__metadata__displayName

str

-

...

identity__metadata__oauth2ClientId

str

-

...

arg_6

identity__metadata__policyanalyzer

json

-

...

identity__metadata__id

str

-

...

identity__metadata__kind

str

...

...

-

identity__metadata__emails

str

...

...

Field

...

Type

...

Extra Label

...

eventdate

...

timestamp

...

-

...

-

identity__metadata__aliases

str

-

...

identity__metadata__isAdmin

bool

-

identity__metadata__archived

bool

-

identity__metadata__addresses

str

-

identity__metadata__languages

str

-

...

server_date

...

identity__metadata__locations

str

-

...

identity__metadata__relations

str

-

...

category

...

identity__metadata__suspended

bool

-

...

identity__metadata__customerId

str

-

...

identity__metadata__externalIds

str

-

...

identity__metadata__orgUnitPath

str

-

...

client_ip

...

identity__metadata__creationTime

timestamp

-

...

server_ip

...

identity__metadata__primaryEmail

str

-

...

action

...

identity__metadata__agreedToTerms

bool

-

...

action_id

...

identity__metadata__ipWhitelisted

bool

-

...

result

...

identity__metadata__lastLoginTime

timestamp

-

...

identity__metadata__organizations

str

-

...

identity__metadata__posixAccounts

str

-

...

identity__metadata__recoveryEmail

str

-

...

identity__

...

metadata_

...

_

...

recoveryPhone

str

-

...

identity__

...

metadata_

...

_

...

sshPublicKeys

str

-

...

identity__metadata_

...

_

...

isMailboxSetup

...

bool

-

...

identity__metadata_

...

_

...

isEnforcedIn2Sv

...

bool

-

...

identity__metadata_

...

_

...

isEnrolledIn2Sv

...

bool

-

...

agent_id

...

identity__metadata__isDelegatedAdmin

bool

-

...

identity__

...

metadata_

...

_

...

changePasswordAtNextLogin

...

bool

-

...

agent_address

identity__metadata__includeInGlobalAddressList

bool

-

...

identity__metadata__thumbnailPhotoUrl

str

-

...

identity__metadata__thumbnailPhotoEtag

str

-

...

identity__metadata__gender

json

-

identity__metadata__description

str

-

...

resource_

...

_

...

category

str

-

...

resource__id

str

-

...

resource__

...

type

str

-

...

resource__metadata

str

-

...

rule__name

str

-

...

rule__description

str

-

...

source__geo__city

str

-

...

source__geo__continent

str

-

...

source__geo__country

str

-

...

source__ip

str

-

...

timestamp

str

-

at_devo_collector_version

int4

-

...

at_devo_source_id

str

-

...

at_devo_project_id

str

-

...

more_args

at_devo_retrieving_timestamp

timestamp

-

hostchain

str

tag

str

rawMessage

str

...