Table of Contents | ||||
---|---|---|---|---|
|
Introduction
The tags beginning with mail.agari
identify events generated by Agari Phishing Defense.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed asmail.agari
. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
...
Technology
...
Brand
...
Type
...
Subtype
...
...
agari
phishing_defense
policy_events
messages
These are the valid tags and corresponding data tables that will receive the parsers' data:
TagTags | Data tabletables |
---|---|
|
|
|
|
How is the data sent to Devo?
To send logs to these tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can learn how to use it in this article on Collector for Agari Phishing Defense.
Table structure
These are the fields displayed in these tables:
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
|
|
hostname |
|
|
alert_definition_name |
|
|
created_at |
|
|
id |
|
|
notified_original_recipients |
|
|
summary |
|
|
updated_at |
|
|
admin_recipients |
|
|
policy_action |
|
|
policy_enabled |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
|
|
hostname |
|
|
attachment_sha256 |
|
|
domain_tags |
|
|
has_attachment |
|
|
ip |
|
|
message_id |
|
|
ptr_name |
|
|
sbrs |
|
|
id |
|
|
policy_ids |
|
|
attachment_extensions |
|
|
attachment_filenames |
|
|
authenticity |
|
|
to_email |
|
|
reply_to |
|
|
timestamp_ms |
|
|
date |
|
|
from_email |
|
|
from_domain |
|
|
subject |
|
|
domain_reputation |
|
|
message_trust_score |
|
|
message_details_link |
|
|
attack_types |
|
|
enforcement_action |
|
|
enforcement_result |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |