Introduction
Tags beginning with nac.forescout identify events generated by Forescout.
Valid tags and data tables
The full tag must have 4 3 levels. The first two are fixed as auth nac.rsaforescout. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|
authnac | rsaforescout | | system runtime admin tracecounteract
| |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|
authnac.rsaforescout.secureidcounteract.systempolicyauth | nac.rsaforescout.secureid.system |
auth.rsa.secureid.runtime | auth.rsa.secureid.runtime |
auth.rsa.secureid.admin | auth.rsa.secureid.admin |
auth.rsa.secureid.trace | auth.rsa.secureid.tracecounteract.policy |
Table structure
These are the fields displayed by these tables.
auth.rsa.secureid.system
Field | Type | Extra Label |
---|
eventdate | timestamp | - |
machine | str | - |
server_date | timestamp | - |
hostname | str | - |
category | str | - |
log_level | str | - |
event_id | str | - |
server_instance | str | - |
client_ip | ip4 | - |
server_ip | ip4 | - |
action | str | - |
action_id | str | - |
result | str | - |
reason | str | - |
session_id | str | - |
user_id | str | - |
user_identity_source_id | str | - |
user_security_domain_id | str | - |
user_login_name | str | - |
user_first_name | str | - |
user_last_name | str | - |
arg_1 | str | - |
arg_2 | str | - |
arg_3 | str | - |
arg_4 | str | - |
arg_5 | str | - |
arg_6 | str | - |
cause | str | - |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | - |
auth.rsa.secureid.runtime
Field | Type | Extra Label |
---|
eventdate | timestamp | - |
machine | str | - |
server_date | timestamp | - |
hostname | str | - |
category | str | - |
log_level | str | - |
event_id | str | - |
server_instance | str | - |
client_ip | ip4 | - |
server_ip | ip4 | - |
action | str | - |
action_id | str | - |
result | str | - |
reason | str | - |
session_id | str | - |
user_id | str | - |
user_identity_source_id | str | - |
user_security_domain_id | str | - |
user_login_name | str | - |
user_first_name | str | - |
user_last_name | str | - |
agent_id | str | - |
agent_security_domain_id | str | - |
agent_address | ip4 | - |
agent_name | str | - |
agent_type | str | - |
policy_method_id | str | - |
policy_method_name | str | - |
policy_id | str | - |
policy_expression | str | - |
arg1 | str | - |
arg2 | str | - |
arg3 | str | - |
arg4 | str | - |
arg5 | str | - |
arg6 | str | - |
arg7 | str | - |
arg8 | str | - |
arg9 | str | - |
arg10 | str | - |
more_args | str | - |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | - |