Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
typeflat

Introduction

The tables beginning withcef0.zscaler identify events in CEF format generated by Varonis products.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.zscaler.nssweblog 

  • cef0.zscaler.nssfwlog 

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

cef0.zscaler.nssfwlog

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

cn1

int8

 

cn2

int8

 

cn3

int8

 

cs1

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

dst

ip4

 

dpt

int4

 

in

int8

 

out

int8

 

proto

str

 

sourceTranslatedAddress

ip4

 

spriv

str

 

src

ip4

 

spt

int4

 

suser

str

 

hostchain

str

tag

str

cefTag

rawMessage

str

cef0.zscaler.nssweblog

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

cn1Label

str

 

cn1

int8

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationServiceName

str

 

dhost

str

 

dst

ip4

 

externalId

int8

 

fileType

str

 

in

int8

 

outcome

str

out

int8

reason

str

requestClientApplication

str

requestMethod

str

request

str

rt

str

sourceTranslatedAddress

ip4

spriv

str

src

ip4

spt

int4

suser

str

ZscalerNSSWeblogDLPDictionaries

str

ZscalerNSSWeblogURLClass

str

requestContext

str

hostchain

str

tag

str

cefTag

rawMessage

str