The full tag must have 3 levels. The first two are fixed as `edr.symantec`. The third level identifies the type of events sent.
Product / Services | Tags | Data tables
---|---|---
Symantec Endpoint Detection & Response | edr.symantec.events | edr.symantec.events
For more information, read more about Devo tags.
These are the fields displayed in this table:

edr.symantec.events

Field | Type | Field transformation | Source field name | Extra fields
---|---|---|---|---
eventdate | | | |
hostname | | | hostchain |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
enviromentID | | | |
userEmail | | | |
securityIncidentFamily | | | |
securityIncidentProperty | | | |
deviceType | | | |
deviceMDMStatus | | | |
classification | | | |
deviceExternalId | | | |
end | | | |
externalId | | | |
msg | | | |
shost | | | |
src | | | |
hostchain | | | | ✓
tag | | | | ✓
rawMessage | | | | ✓