...
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|
JumpCloud | auth.jumpcloud.all.events
| auth.jumpcloud.all.events
| Note |
|---|
Union table This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. |
|
auth.jumpcloud.directory.events
| auth.jumpcloud.directory.events
|
auth.jumpcloud.ldap.events
| auth.jumpcloud.ldap.events
|
auth.jumpcloud.mdm.events
| auth.jumpcloud.mdm.events
|
auth.jumpcloud.radius.events
| auth.jumpcloud.radius.events
|
auth.jumpcloud.software.events
| auth.jumpcloud.software.events
|
auth.jumpcloud.sso.events
| auth.jumpcloud.sso.events
|
auth.jumpcloud.systems.events
| auth.jumpcloud.systems.events
|
For more information, read more About Devo tags.
...
| Rw ui tabs macro |
|---|
| Anchor |
|---|
| auth.jumpcloud.directory.events |
|---|
| auth.jumpcloud.directory.events |
|---|
|
auth.jumpcloud.directory.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__email | str
| | initiated_by__username | str
| | initiated_by__source | str
| | initiated_by__source_metadata__name | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__region_code | str
| | geoip__longitude | float8
| | resource__id | str
| | resource__type | str
| | resource__username | str
| | changes | str
| | auth_method | str
| | auth_context__system__hostname | str
| | auth_context__system__os | str
| | auth_context__system__display_name | str
| | auth_context__system__id | str
| | auth_context__system__version | str
| | success | bool
| | mfa | bool
| | event_type | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | id | str
| | user_agent__patch | str
| | user_agent__minor | str
| | user_agent__os | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | association__type | str
| | association__id | str
| | association__email | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.ldap.events |
|---|
| auth.jumpcloud.ldap.events |
|---|
|
auth.jumpcloud.ldap.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | err | str
| | error_message | str
| | initiated_by__type | str
| | initiated_by__username | str
| | initiated_by__email | str
| | start_tls | bool
| | tls_established | bool
| | dn | str
| | mech | str
| | auth_method | str
| | event_type | str
| | connection_id | str
| | port | str
| | success | bool
| | service | str
| | organization | str
| | at_version | str
| | error_code | str
| | id | str
| | oid | str
| | base | str
| | scope | str
| | filter | str
| | operation_number | str
| | username | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.mdm.events |
|---|
| auth.jumpcloud.mdm.events |
|---|
|
auth.jumpcloud.mdm.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | mdm_type | str
| | request_type | str
| | mdm_device_id | str
| | mdm_device_manager_id | str
| | command__request_type | str
| | command__payload | str
| | event_type | str
| | command_uuid | str
| | service | str
| | organization | str
| | at_version | str
| | error_chain | str
| | id | str
| | timestamp_str | str
| | timestamp | timestamp
| | status | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.radius.events |
|---|
| auth.jumpcloud.radius.events |
|---|
|
auth.jumpcloud.radius.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__email | str
| | id | str
| | nas_mfa_state | str
| | auth_type | str
| | eap_type | str
| | client_ip | ip4
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__region_code | str
| | geoip__longitude | float8
| | service | str
| | success | bool
| | username | str
| | organization | str
| | error_message | str
| | mfa | bool
| | outer__eap_type | str
| | outer__error_message | str
| | outer__username | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.software.events |
|---|
| auth.jumpcloud.software.events |
|---|
|
auth.jumpcloud.software.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | system__hostname | str
| | system__id | str
| | event_type | str
| | application__path | str
| | application__uninstall_string | str
| | application__name | str
| | application__publisher | str
| | application__version | str
| | resource__id | str
| | resource__type | str
| | provider | str
| | service | str
| | organization | str
| | changes | str
| | id | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.sso.events |
|---|
| auth.jumpcloud.sso.events |
|---|
|
auth.jumpcloud.sso.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__username | str
| | error_message | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__longitude | float8
| | geoip__region_code | str
| | sso_token_success | bool
| | auth_context__policies_applied | str
| | auth_context__system__hostname | str
| | auth_context__system__os | str
| | auth_context__system__display_name | str
| | auth_context__system__id | str
| | auth_context__system__version | str
| | mfa | bool
| | event_type | str
| | application__name | str
| | application__id | str
| | application__sso_url | str
| | application__display_label | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | idp_initiated | bool
| | id | str
| | user_agent__patch | str
| | user_agent__os | str
| | user_agent__minor | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | timestamp_str | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.sso.events |
|---|
| auth.jumpcloud.sso.events |
|---|
|
auth.jumpcloud.systems.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__username | str
| | error_message | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__longitude | float8
| | geoip__region_code | str
| | sso_token_success | bool
| | auth_context__policies_applied | str
| | mfa | bool
| | event_type | str
| | application__name | str
| | application__id | str
| | application__sso_url | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | idp_initiated | bool
| | id | str
| | user_agent__patch | str
| | user_agent__os | str
| | user_agent__minor | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | timestamp_str | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
|
