Table of Contents | ||||
---|---|---|---|---|
|
...
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as endpoint.vmware. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
---|---|---|---|
endpoint | vmware |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table | |
---|---|---|
tag1 | table1 | |
tag2 | table2endpoint.vmware.cbc_api.alerts | endpoint.vmware.cbc_api.alerts |
endpoint.vmware.cbc_defender.audit_logs | endpoint.vmware.cbc_defender.audit_logs |
How is the data sent to Devo?
Use the info in the How is the data sent to Devo? section of the internal doc to fill this section with the required method
...
Event source → Devo (Syslog, HTTP...):
You can forward logs generated by Company using any Syslog drain (for example, Syslog-ng). Learn more about how to send Company logs and their structure here.
Log samples
The following are sample logs sent to each of the endpoint.vmware data tables. Also, find how the information will be parsed in your data table under each sample log.
Note | ||
---|---|---|
| ||
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns. |
Add this note only if the parser contains any Extra field
...