...
Introduction
Tags beginning with auth.jumpcloud identify events generated by Jumpcloud JumpCloud.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed asauth.jumpcloud. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
...
Technology
...
Brand
...
Type
...
Subtype
...
auth
...
jumpcloud
...
...
events
...
directory
...
ldap
...
mdm
...
radius
...
software
...
sso
...
systems
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | TagTags | Data tabletables |
|---|
JumpCloud | auth.jumpcloud.all.events
| auth.jumpcloud.all.events
|
auth.jumpcloud.directory.events
| auth.jumpcloud.directory.events
|
auth.jumpcloud.ldap.events
| auth.jumpcloud.ldap.events
|
auth.jumpcloud.mdm.events
| auth.jumpcloud.mdm.events
|
auth.jumpcloud.radius.events
| auth.jumpcloud.radius.events
|
auth.jumpcloud.software.events
| auth.jumpcloud.software.events
|
auth.jumpcloud.sso.events
| auth.jumpcloud.sso.events
|
auth.jumpcloud.systems.events
| auth.jumpcloud.systems.events
|
Table structure
| Rw ui tabs macro |
|---|
[auth.jumpcloud.directory.events][auth.jumpcloud.ldap.events][auth.jumpcloud.mdm.events][auth.jumpcloud.radius.events][auth.jumpcloud.software.events] | Anchor |
|---|
| auth.jumpcloud.directory.events |
|---|
| auth.jumpcloud.directory.events |
|---|
|
auth.jumpcloud.directory.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str-
| | initiated_by__id | str-
| | initiated_by__type | str-
| | initiated_by__email | str-
| | initiated_by__username | str-
| | initiated_by__source | str-
| | initiated_by__source_metadata__name | str-
| | geoip__country_code | str
| - | | geoip__timezone | str-
| | geoip__latitude | float8-
| | geoip__continent_code | str-
| | geoip__region_name | str
| - | | geoip__region_code | str-
| | geoip__longitude | float8
| - | | resource__id | str
| - | | resource__type | str
| - | | resource__username | str-
| | changes | str-
| | auth_method | str-
| | success | bool
| - | | mfa | bool-
| | event_type | str
| - | | provider | str-
| | service | str-
| | organization | str-
| | at_version | str-
| | client_ip | ip4
| - | | id | str-
| | user_agent__patch | str
| - | | user_agent__minor | str-
| | user_agent__os | str-
| | user_agent__major | str-
| | user_agent__build | str-
| | user_agent__name | str-
| | user_agent__os_name | str-
| | user_agent__device | str-
| | association__type | str-
| | association__id | str-
| | association__email | str
| - | | timestamp | timestamp-
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.ldap.events |
|---|
| auth.jumpcloud.ldap.events |
|---|
|
auth.jumpcloud.ldap.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str
| - | | err | str-
| | error_message | str
| - | | initiated_by__type | str
| - | | initiated_by__username | str-
| | initiated_by__email | str-
| | start_tls | bool-
| | tls_established | bool
| - | | dn | str-
| | mech | str
| - | | auth_method | str-
| | event_type | str-
| | connection_id | str-
| | port | str-
| | success | bool-
| | service | str
| - | | organization | str-
| | at_version | str
| - | | error_code | str-
| | id | str-
| | oid | str-
| | base | str-
| | scope | str-
| | filter | str-
| | operation_number | str-
| | username | str-
| | timestamp | timestamp
| - | | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.mdm.events |
|---|
| auth.jumpcloud.mdm.events |
|---|
|
auth.jumpcloud.mdm.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str-
| | mdm_type | str
| - | | request_type | str-
| | mdm_device_id | str
| - | | mdm_device_manager_id | str
| - | | command__request_type | str
| - | | command__payload | str-
| | event_type | str-
| | command_uuid | str-
| | service | str
| - | | organization | str-
| | at_version | str
| - | | error_chain | str-
| | id | str-
| | timestamp_str | str-
| | timestamp | timestamp-
| | status | str
| - | | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.radius.events |
|---|
| auth.jumpcloud.radius.events |
|---|
|
auth.jumpcloud.radius.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp
| - | | hostname | str-
| | initiated_by__id | str-
| | initiated_by__type | str-
| | initiated_by__email | str-
| | id | str-
| | nas_mfa_state | str-
| | auth_type | str-
| | eap_type | str-
| | client_ip | ip4-
| | geoip__country_code | str
| - | | geoip__timezone | str-
| | geoip__latitude | float8-
| | geoip__continent_code | str-
| | geoip__region_name | str
| - | | geoip__region_code | str-
| | geoip__longitude | float8
| - | | service | str
| - | | success | bool-
| | username | str-
| | organization | str-
| | error_message | str
| - | | mfa | bool-
| | outer__eap_type | str
| - | | outer__error_message | str-
| | outer__username | str-
| | timestamp | timestamp-
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.software.events |
|---|
| auth.jumpcloud.software.events |
|---|
|
auth.jumpcloud.software.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str
| - | | initiated_by__id | str-
| | initiated_by__type | str
| - | | system__hostname | str-
| | system__id | str-
| | event_type | str-
| | application__path | str-
| | application__uninstall_string | str-
| | application__name | str-
| | application__publisher | str-
| | application__version | str-
| | resource__id | str
| - | | resource__type | str-
| | provider | str-
| | service | str-
| | organization | str
| - | | changes | str-
| | id | str
| - | | timestamp | timestamp
| - | | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
[auth.jumpcloud.sso.events][auth.jumpcloud.sso.events] | Anchor |
|---|
| auth.jumpcloud.sso.events |
|---|
| auth.jumpcloud.sso.events |
|---|
|
auth.jumpcloud.sso.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str-
| | initiated_by__id | str-
| | initiated_by__type | str
| - | | initiated_by__username | str-
| | error_message | str
| - | | geoip__country_code | str-
| | geoip__timezone | str-
| | geoip__latitude | float8-
| | geoip__continent_code | str-
| | geoip__region_name | str
| - | | geoip__longitude | float8-
| | geoip__region_code | str
| - | | sso_token_success | bool-
| | auth_context__policies_applied | str-
| | mfa | bool-
| | event_type | str-
| | application__name | str-
| | application__id | str-
| | application__sso_url | str-
| | provider | str-
| | service | str-
| | organization | str
| - | | at_version | str-
| | client_ip | ip4-
| | idp_initiated | bool-
| | id | str
| - | | user_agent__patch | str-
| | user_agent__os | str
| - | | user_agent__minor | str
| - | | user_agent__major | str-
| | user_agent__build | str-
| | user_agent__name | str-
| | user_agent__os_name | str
| - | | user_agent__device | str-
| | timestamp_str | str
| - | | timestamp | timestamp-
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.sso.events |
|---|
| auth.jumpcloud.sso.events |
|---|
|
auth.jumpcloud.sso.eventsField | Type | Extra Label fields |
|---|
eventdate | timestamp-
| | hostname | str-
| | initiated_by__id | str-
| | initiated_by__type | str
| - | | initiated_by__username | str-
| | error_message | str
| - | | geoip__country_code | str-
| | geoip__timezone | str-
| | geoip__latitude | float8-
| | geoip__continent_code | str-
| | geoip__region_name | str-
| | geoip__longitude | float8-
| | geoip__region_code | str-
| | sso_token_success | bool-
| | auth_context__policies_applied | str
| - | | mfa | bool-
| | event_type | str-
| | application__name | str-
| | application__id | str
| - | | application__sso_url | str-
| | provider | str
| - | | service | str
| - | | organization | str
| - | | at_version | str-
| | client_ip | ip4-
| | idp_initiated | bool-
| | id | str
| - | | user_agent__patch | str-
| | user_agent__os | str
| - | | user_agent__minor | str-
| | user_agent__major | str-
| | user_agent__build | str-
| | user_agent__name | str-
| | user_agent__os_name | str
| - | | user_agent__device | str-
| | timestamp_str | str
| - | | timestamp | timestamp-
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
|
