Page Comparison

Versions Compared

Old Version 3

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on Jul 15, 2023

compared with

New Version Current

changes.mady.by.user Former user

Saved on Oct 30, 2023

Key

This line was added.
This line was removed.
Formatting was changed.

...

In this case, the valid data tables are:

Tag	Data table
`cef0.trendMicro.deepSecurityAgent`	`cef0.trendMicro.deepSecurityAgent`

How is the data sent to Devo?

...

cef0.trendMicro.deepSecurityAgent

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

Code Block
split(hostchain, "=", 0)

hostchain

deviceVersion

str

signatureID

str

name

str

severity

str

TrendMicroDsFrameType

str

TrendMicroDsTenant

str

TrendMicroDsTenantId

str

dvchost

str

act

str

src

str

dst

str

in

int8

msg

str

smac

str

dmac

str

cnt

int4

spt

int4

dpt

int4

app

str

cat

str

c6a1Label

str

c6a1

str

c6a2Label

str

c6a2

str

c6a3Label

str

c6a3

str

c6a4Label

str

c6a4

str

cfp1Label

str

cfp1

float8

cfp2Label

str

cfp2

float8

cfp3Label

str

cfp3

float8

cfp4Label

str

cfp4

float8

cn1Label

str

cn1

int8

cn2Label

str

cn2

int8

cn3Label

str

cn3

int8

cs1Label

str

cs1

str

cs2Label

str

cs2

str

cs3Label

str

cs3

str

cs4Label

str

cs4

str

cs5Label

str

cs5

str

cs6Label

str

cs6

str

destinationDnsDomain

str

destinationServiceName

str

destinationTranslatedAddress

ip4

destinationTranslatedPort

int4

deviceCustomDate1Label

str

deviceCustomDate1

timestamp

deviceCustomDate2Label

str

deviceCustomDate2

timestamp

deviceDirection

int4

deviceDnsDomain

str

deviceExternalId

str

deviceInboundInterface

str

deviceMacAddress

str

deviceNtDomain

str

deviceOutboundInterface

str

deviceProcessName

str

deviceTranslatedAddress

ip4

dhost

str

dntdom

str

dpid

int4

dpriv

str

dproc

str

duid

str

duser

str

dvc

ip4

dvcpid

int4

end

timestamp

deviceFacility

str

externalId

int8

fileCreateTime

timestamp

fileHash

str

fileId

str

fileModificationTime

timestamp

filePath

str

filePermission

str

fileType

str

fname

str

fsize

int8

oldFileCreateTime

timestamp

oldFileHash

str

oldFileId

str

oldFileModificationTime

timestamp

oldFileName

str

oldFilePath

str

oldFilePermission

str

oldFileSize

int8

oldFileType

str

outcome

str

out

int8

proto

str

reason

str

requestClientApplication

str

requestCookies

str

requestMethod

str

request

str

result

str

rt

timestamp

shost

str

sntdom

str

sourceDnsDomain

str

sourceServiceName

str

sourceTranslatedAddress

ip4

sourceTranslatedPort

int4

spid

int4

spriv

str

sproc

str

start

timestamp

suid

str

suser

str

host_id

int8

Code Block
ifthenelse(cn1Label = "Host ID", cn1, null(int8(0)))

cn1

cn1Label

tcp_flags

str

Code Block
ifthenelse(cs2Label = "TCP Flags", cs2, null(""))

cs2Label

cs2

dpi_note

str

Code Block
ifthenelse(cs1Label = "DPI Note", cs1, null(""))

cs1

cs1Label

dpi_flags

str

Code Block
ifthenelse(cs6Label = "DPI Flags", cs6, null(""))

cs6Label

cs6

dpi_packet_position

int8

Code Block
ifthenelse(cn3Label = "DPI Packet Position", cn3, null(int8(0)))

cn3

cn3Label

dpi_stream_position

str

Code Block
ifthenelse(cs5Label = "DPI Stream Position", cs5, null(""))

cs5Label

cs5

fragmentation_bits

str

Code Block
ifthenelse(cs3Label = "Fragmentation Bits", cs3, null(""))

cs3

cs3Label

hostchain

str

✓

tag

str

cefTag

✓

rawMessage

str

✓