
...

The full tag must have three levels. The first two are fixed as uba.varonis. The third level identifies the technology type and can be dataalert (events generated by DatAlert) or alerts (events generated by DatAdvantage).

...

Therefore, the valid tags include:

  • uba.varonis.dataalert

  • uba.varonis.alerts

  • uba.varonis.audit

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag | Data table
uba.varonis.dataalert | uba.varonis.dataalert
uba.varonis.alerts | uba.varonis.alerts
uba.varonis.audit | uba.varonis.audit

Table structure

This is the set of fields stored in each of these tables.

uba.varonis.dataalert

Field | Type | Extra Label
eventdate | timestamp | -
host | str | -
RuleName | str | -
AlertTime | str | -
EventTime | str | -
ActingObject | str | -
EventType | str | -
FileServerDomain | str | -
Path | str | -
AffectedObject | str | -
IPAddressHost | ip4 | -
AdditionalData | str | -
AlertDescription | str | -
ChangedPermissions | str | -
PermissionsBeforeChange | str | -
PermissionsAfterChange | str | -
rawMessage | str | -
hostchain | str |
tag | str |

uba.varonis.alerts

Field | Type | Extra Label
eventdate | timestamp | -
host | str | -
hostchain | str |
cefVersion | str | -
embDeviceVendor | str | -
embDeviceProduct | str | -
deviceVersion | str | -
signatureID | str | -
name | str | -
severity | str | -
_cefVer | str | -
act | str | -
cat | str | -
ruleID | int8 | -
mailRecipient | str | -
ruleName | str | -
attachmentName | str | -
clientAccessType | str | -
mailboxAccessType | str | -
changedPermissions | str | -
cnt | int4 | -
deviceCustomDate1Label | str | -
deviceCustomDate1 | timestamp | -
dhost | str | -
dpriv | str | -
duser | str | -
dvchost | str | -
end | timestamp | -
filePath | str | -
filePermission | str | -
fileType | str | -
fname | str | -
msg | str | -
oldFilePermission | str | -
outcome | str | -
rt | timestamp | -
start | timestamp | -
rawMessage | str |
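The uba.varonis.alerts columns above are CEF header fields (cefVersion through severity) followed by CEF extension keys (act, cat, cnt, duser, filePath, rt, ...). The parser below is an added example, not Devo's or Varonis' own code: it splits a CEF line into those column names, casts the int4/int8 columns to integers and the timestamp columns from epoch milliseconds (an assumption). The sample line is constructed, not a captured DatAdvantage message.

```python
import re
from datetime import datetime, timezone
# Constructed sample (not a captured Varonis message): a CEF line whose
# extension keys match uba.varonis.alerts columns (act, cat, cnt, duser, ...).
SAMPLE_CEF = (
    r"CEF:0|Varonis Inc.|DatAdvantage|7.0|1234|Mass delete on file server|7|"
    r"act=Delete cat=Alert cnt=150 duser=CORP\\jdoe dhost=fs01 "
    r"filePath=\\\\fs01\\finance\\q3.xlsx rt=1697042400000 "
    r"outcome=Success msg=Deleted 150 files in 5 minutes"
)

HEADER_FIELDS = ("cefVersion", "embDeviceVendor", "embDeviceProduct",
                 "deviceVersion", "signatureID", "name", "severity")
INT_FIELDS = {"ruleID", "cnt"}                           # int8 / int4 columns
TS_FIELDS = {"rt", "start", "end", "deviceCustomDate1"}  # timestamp columns

def split_header(line):
    """Return the 7 '|'-separated header parts (honouring '\\|') and the rest."""
    parts, buf, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped char: keep it literally
            buf.append(line[i + 1]); i += 2
        elif ch == "|":
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    return parts, line[i:]

def split_extension(ext):
    """Parse 'k=v k2=v ...'; values may hold spaces and the escapes '\\=' '\\\\'."""
    pairs = re.finditer(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|$)", ext)
    return {m.group(1): re.sub(r"\\(.)", r"\1", m.group(2)) for m in pairs}

def parse_varonis_cef(line):
    """Map one CEF line onto a dict keyed like the uba.varonis.alerts table."""
    header, ext = split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError("not a CEF message: %r" % line[:40])
    record = dict(zip(HEADER_FIELDS, header))
    record["cefVersion"] = header[0].split(":", 1)[1]   # 'CEF:0' -> '0'
    for key, value in split_extension(ext).items():
        if key in INT_FIELDS:
            value = int(value)
        elif key in TS_FIELDS:                 # epoch milliseconds (assumed)
            value = datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
        record[key] = value
    record["rawMessage"] = line               # the tables keep the raw line too
    return record
```

Keys that are not table columns still land in the dict, so a strict loader would want to drop or log them before insertion.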

uba.varonis.audit

Field | Type | Extra Label
eventdate | timestamp | -
host | str | -
rawMessage | str |
RuleID | str | -
RuleName | str | -
AlertTime | str | -
EventTime | str | -
ActingObject | str | -
EventType | str | -
FileServerDomain | str | -
Path | str | -
AffectedObject | str | -
IPAddressHost | str | -
AdditionalData | str | -
Severity | str | -
Threshold | str | -
FirstEventTime | str | -
EventStatus | str | -
ActingObjectSAMAccountName | str | -
hostchain | str |
tag | str |

Varonis configuration

To set up message forwarding, you will need to take the following steps in the DatAlert area of the DatAdvantage management tool:

...

  • Source Port → 13076

  • Target Tag → uba.varonis.dataalert

  • Select both Stop Processing and Sent without syslog tag

...

Rule 2 - DatAdvantage events

  • Source Port → 13076

  • Target Tag → uba.varonis.alerts

  • Select both Stop Processing and Sent without syslog tag

...