Table of Contents | ||||||
---|---|---|---|---|---|---|
|
...
The tables beginning with cef0.bluecoat
identify events in CEF format generated by Blue Coat.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
---|---|
|
|
|
|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Table structure
These are the fields displayed in these tables:
...
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
priorityCode |
|
| |
cefTag |
|
| |
cefVersion |
|
| |
embDeviceVendor |
|
| |
embDeviceProduct |
|
| |
deviceVersion |
|
| |
signatureID |
|
| |
name |
|
| |
severity |
|
| |
_cefVer |
|
| |
app |
|
| |
dvchost |
|
| |
dvc |
|
| |
out |
|
| |
requestMethod |
|
| |
rt |
|
| |
sourceDnsDomain |
|
| |
agt |
|
| |
ahost |
|
| |
aid |
|
| |
arcSightEventPath |
|
| |
art |
|
| |
assetCriticality |
|
| |
at |
|
| |
atz |
|
| |
av |
|
| |
customerID |
|
| |
customerURI |
|
| |
deviceSeverity |
|
| |
deviceZoneID |
|
| |
deviceZoneURI |
|
| |
dtz |
|
| |
eventAnnotationAuditTrail |
|
| |
eventAnnotationEndTime |
|
| |
eventAnnotationEventId |
|
| |
eventAnnotationFlags |
|
| |
eventAnnotationManagerReceiptTime |
|
| |
eventAnnotationModificationTime |
|
| |
eventAnnotationStageID |
|
| |
eventAnnotationStageUpdateTime |
|
| |
eventAnnotationStageURI |
|
| |
eventAnnotationVersion |
|
| |
eventId |
|
| |
locality |
|
| |
modelConfidence |
|
| |
mrt |
|
| |
priority |
|
| |
relevance |
|
| |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
hostchain |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
| ||
priorityCode |
| ||
cefTag |
| ||
cefVersion |
| ||
embDeviceVendor |
| ||
embDeviceProduct |
| ||
deviceVersion |
| ||
signatureID |
| ||
name |
| ||
severity |
| ||
_cefVer |
| ||
act |
| ||
app |
| ||
cat |
| ||
cs1Label |
| ||
cs1 |
| ||
cs4Label |
| ||
cs4 |
| ||
cs6Label |
| ||
cs6 |
| ||
dhost |
| ||
dst |
| ||
dvc |
| ||
in |
| ||
out |
| ||
requestClientApplication |
| ||
requestMethod |
| ||
request |
| ||
rt |
| ||
src |
| ||
suser |
| ||
agt |
| ||
ahost |
| ||
aid |
| ||
arcSightEventPath |
| ||
art |
| ||
assetCriticality |
| ||
at |
| ||
atz |
| ||
av |
| ||
catdt |
| ||
categoryBehavior |
| ||
categoryDeviceGroup |
| ||
categoryObject |
| ||
categoryOutcome |
| ||
categorySignificance |
| ||
customerID |
| ||
customerURI |
| ||
destinationZoneURI |
| ||
deviceAssetId |
| ||
deviceSeverity |
| ||
deviceZoneID |
| ||
deviceZoneURI |
| ||
dtz |
| ||
eventAnnotationAuditTrail |
| ||
eventAnnotationEndTime |
| ||
eventAnnotationEventId |
| ||
eventAnnotationFlags |
| ||
eventAnnotationManagerReceiptTime |
| ||
eventAnnotationModificationTime |
| ||
eventAnnotationStageID |
| ||
eventAnnotationStageUpdateTime |
| ||
eventAnnotationStageURI |
| ||
eventAnnotationVersion |
| ||
eventId |
| ||
locality |
| ||
modelConfidence |
| ||
mrt |
| ||
priority |
| ||
relevance |
| ||
requestContext |
| ||
slat |
| ||
slong |
| ||
sourceGeoCountryCode |
| ||
sourceGeoLocationInfo |
| ||
sourceGeoPostalCode |
| ||
sourceGeoRegionCode |
| ||
sourceZoneExternalID |
| ||
sourceZoneID |
| ||
sourceZoneURI |
| ||
tag |
| cefTag | ✓ |
rawMessage |
| ✓ | |
hostchain |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
priorityCode |
|
| |
cefTag |
|
| |
cefVersion |
|
| |
embDeviceVendor |
|
| |
embDeviceProduct |
|
| |
deviceVersion |
|
| |
signatureID |
|
| |
name |
|
| |
severity |
|
| |
_cefVer |
|
| |
act |
|
| |
app |
|
| |
cat |
|
| |
c6a1Label |
|
| |
c6a1 |
|
| |
c6a2Label |
|
| |
c6a2 |
|
| |
c6a3Label |
|
| |
c6a3 |
|
| |
c6a4Label |
|
| |
c6a4 |
|
| |
cfp1Label |
|
| |
cfp1 |
|
| |
cfp2Label |
|
| |
cfp2 |
|
| |
cfp3Label |
|
| |
cfp3 |
|
| |
cfp4Label |
|
| |
cfp4 |
|
| |
cn1Label |
|
| |
cn1 |
|
| |
cn2Label |
|
| |
cn2 |
|
| |
cn3Label |
|
| |
cn3 |
|
| |
cnt |
|
| |
cs1Label |
|
| |
cs1 |
|
| |
cs2Label |
|
| |
cs2 |
|
| |
cs3Label |
|
| |
cs3 |
|
| |
cs4Label |
|
| |
cs4 |
|
| |
cs5Label |
|
| |
cs5 |
|
| |
cs6Label |
|
| |
cs6 |
|
| |
destinationDnsDomain |
|
| |
destinationServiceName |
|
| |
destinationTranslatedAddress |
|
| |
destinationTranslatedPort |
|
| |
deviceCustomDate1Label |
|
| |
deviceCustomDate1 |
|
| |
deviceCustomDate2Label |
|
| |
deviceCustomDate2 |
|
| |
deviceDirection |
|
| |
deviceDnsDomain |
|
| |
deviceExternalId |
|
| |
deviceInboundInterface |
|
| |
deviceMacAddress |
|
| |
deviceNtDomain |
|
| |
deviceOutboundInterface |
|
| |
deviceProcessName |
|
| |
deviceTranslatedAddress |
|
| |
dhost |
|
| |
dmac |
|
| |
dntdom |
|
| |
dpid |
|
| |
dpriv |
|
| |
dproc |
|
| |
dst |
|
| |
duid |
|
| |
duser |
|
| |
dvchost |
|
| |
dvc |
|
| |
dvcpid |
|
| |
end |
|
| |
deviceFacility |
|
| |
externalId |
|
| |
fileCreateTime |
|
| |
fileHash |
|
| |
fileId |
|
| |
fileModificationTime |
|
| |
filePath |
|
| |
filePermission |
|
| |
fileType |
|
| |
fname |
|
| |
fsize |
|
| |
in |
|
| |
msg |
|
| |
oldFileCreateTime |
|
| |
oldFileHash |
|
| |
oldFileId |
|
| |
oldFileModificationTime |
|
| |
oldFileName |
|
| |
oldFilePath |
|
| |
oldFilePermission |
|
| |
oldFileSize |
|
| |
oldFileType |
|
| |
outcome |
|
| |
out |
|
| |
proto |
|
| |
reason |
|
| |
requestClientApplication |
|
| |
requestCookies |
|
| |
requestMethod |
|
| |
request |
|
| |
rt |
|
| |
shost |
|
| |
smac |
|
| |
sntdom |
|
| |
sourceDnsDomain |
|
| |
sourceServiceName |
|
| |
sourceTranslatedAddress |
|
| |
sourceTranslatedPort |
|
| |
spid |
|
| |
spriv |
|
| |
sproc |
|
| |
spt |
|
| |
src |
|
| |
start |
|
| |
suid |
|
| |
suser |
|
| |
catdt |
|
| |
deviceDomain |
|
| |
deviceSeverity |
|
| |
dpt |
|
| |
dtz |
|
| |
dvcmac |
|
| |
endTime |
|
| |
eventId |
|
| |
flexNumber1 |
|
| |
flexNumber1Label |
|
| |
flexNumber2 |
|
| |
flexNumber2Label |
|
| |
flexString1 |
|
| |
flexString1Label |
|
| |
flexString2 |
|
| |
flexString2Label |
|
| |
modelConfidence |
|
| |
priority |
|
| |
relevance |
|
| |
requestContext |
|
| |
sessionId |
|
| |
slat |
|
| |
slong |
|
| |
dlat |
|
| |
dlong |
|
| |
sourceGeoCountryCode |
|
| |
sourceGeoLocationInfo |
|
| |
sourceGeoPostalCode |
|
| |
sourceGeoRegionCode |
|
| |
destinationGeoCountryCode |
|
| |
destinationGeoLocationInfo |
|
| |
destinationGeoPostalCode |
|
| |
destinationGeoRegionCode |
|
| |
agt |
|
| |
ahost |
|
| |
art |
|
| |
atz |
|
| |
mrt |
|
| |
categoryBehavior |
|
| |
categoryCustomFormatField |
|
| |
categoryDeviceGroup |
|
| |
categoryObject |
|
| |
categoryOutcome |
|
| |
categorySignificance |
|
| |
categoryTechnique |
|
| |
categoryTupleDescription |
|
| |
assetCriticality |
|
| |
customerID |
|
| |
customerURI |
|
| |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
hostchain |
| ✓ |