...
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|---|---|
Orca Security |
|
|
For more information, read more About Devo tags.
...
cnapp.orca.security.alerts
Field | Type | Extra fields |
|---|---|---|
eventdate |
|
|
hostname |
|
|
type |
|
|
is_compliance |
|
|
rule_id |
|
|
subject_type |
|
|
type_string |
|
|
type_key |
|
|
category |
|
|
description |
|
|
details |
|
|
recommendation |
|
|
alert_labels |
|
|
asset_category |
|
|
cloud_provider |
|
|
cloud_account_id |
|
|
cloud_vendor_id |
|
|
cloud_account_type |
|
|
account_name |
|
|
asset_name |
|
|
asset_type |
|
|
asset_type_string |
|
|
group_unique_id |
|
|
vm_id |
|
|
asset_state |
|
|
asset_distribution_name |
|
|
asset_distribution_version |
|
|
asset_distribution_major_version |
|
|
asset_auto_updates |
|
|
asset_availability_zones |
|
|
asset_regions |
|
|
asset_regions_names |
|
|
asset_vpcs |
|
|
asset_tags_info_list |
|
|
tags_info_list |
|
|
asset_num_private_ips |
|
|
asset_first_private_ips |
|
|
container_image_version |
|
|
container_image_digest |
|
|
container_image_name |
|
|
container_k8s_pod_namespace |
|
|
asset_hostname |
|
|
container_id |
|
|
vm_name |
|
|
cve_list |
|
|
max_cvss_score |
|
|
alert_id |
|
|
status |
|
|
status_time |
|
|
score |
|
|
orca_score |
|
|
state_severity |
|
|
risk_level |
|
|
created_at |
|
|
last_seen |
|
|
low_since |
|
|
high_since |
|
|
in_verification |
|
|
last_updated |
|
|
rule_source |
|
|
is_new_score |
|
|
closed_time |
|
|
verification_status |
|
|
closed_reason |
|
|
source |
|
|
organization_id |
|
|
organization_name |
|
|
context |
|
|
asset_unique_id |
|
|
group_name |
|
|
group_type |
|
|
group_type_string |
|
|
cluster_unique_id |
|
|
cluster_type |
|
|
cluster_name |
|
|
severity |
|
|
group_val |
|
|
cloud_provider_id |
|
|
findings |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |