Introduction

The tags beginning with casb.proofpoint identify events generated by CASB Proofpoint.

The full tag must have 3 levels. The first two are fixed as casb.proofpoint. The third level identifies the type of events sent.

| Technology | Brand | Type |
|---|---|---|
| casb | proofpoint | alert, event |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Proofpoint | casb.proofpoint.alert | casb.proofpoint.alert |
| | casb.proofpoint.event | casb.proofpoint.event |

For more information, read more About Devo tags.

How is the data sent to Devo?

Logs generated by CASB Proofpoint are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.

Table structure

These are the fields displayed in these tables:

casb.proofpoint.alert

| Field | Type | Extra Label fields |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| id | str | - |
| timestamp | timestamp | - |
| description | str | - |
| related_events__user_email | str | - |
| related_events__user_id | str | - |
| related_events__event_id | str | - |
| related_events__geo_location | str | - |
| related_events__user_agent | str | - |
| related_events__intelligence | str | - |
| related_events__timestamp | int8 | - |
| related_events__cloud_service | str | - |
| related_events__location | str | - |
| related_events__meta_data | json | - |
| related_events__meta_data__extracted_fields | str | - |
| related_events__event_classification__id | str | - |
| related_events__event_classification__sub_category | str | - |
| related_events__event_classification__threat | str | - |
| related_events__event_classification__category | str | - |
| related_events__full_name | str | - |
| tenantId | str | - |
| severity | str | - |
| type | str | - |
| title | str | - |
| subType | str | - |
| related_events_found | int4 | - |
| related_events_id | int4 | - |
| at_devo_environment | str | - |
| at_devo_pulling_id | str | - |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

casb.proofpoint.event

| Field | Type | Extra Label fields |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| id | str | - |
| timestamp | timestamp | - |
| description | str | - |
| related_events__user_email | str | - |
| related_events__user_id | str | - |
| related_events__event_id | str | - |
| related_events__geo_location | str | - |
| related_events__user_agent | str | - |
| related_events__intelligence | str | - |
| related_events__timestamp | int8 | - |
| related_events__cloud_service | str | - |
| related_events__location | str | - |
| related_events__meta_data | json | - |
| related_events__meta_data__extracted_fields | str | - |
| related_events__event_classification__id | str | - |
| related_events__event_classification__sub_category | str | - |
| related_events__event_classification__threat | str | - |
| related_events__event_classification__category | str | - |
| related_events__full_name | str | - |
| tenantId | str | - |
| severity | str | - |
| type | str | - |
| title | str | - |
| subType | str | - |
| related_events_found | int4 | - |
| related_events_id | int4 | - |
| at_devo_environment | str | - |
| at_devo_pulling_id | str | - |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |
