| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Introduction
The tags begin with edr.mcafeeidentify the events generated by McAfee MVISION Endpoint.
Tag structure
The full tag must have 4 levels. The first two are fixed as edr.mcafee. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Product / Services | Tags | Data tables |
|---|---|---|
McAfee MVISION Endpoint |
|
|
For more information, read more about Devo tags.
Table structure
These are the fields displayed in this table:
edr.mcafee.mvision.threat
Field | Type | Field transformation | Source field name | Extra fields | ||
|---|---|---|---|---|---|---|
eventdate |
|
|
| |||
hostname |
|
|
| |||
id |
|
|
| |||
type |
|
|
| |||
entity |
|
|
| |||
origin |
|
|
| |||
nature |
|
|
| |||
user |
|
|
| |||
timestamp |
|
|
| |||
threat__id |
|
|
| |||
threat__maGuid |
|
|
| |||
threat__detectionDate |
|
|
| |||
threat__eventType |
|
|
| |||
threat__threatType |
|
|
| |||
threat__threatAttrs__name |
|
|
| |||
threat__threatAttrs__path |
|
|
| |||
threat__threatAttrs__md5 |
|
|
| |||
threat__threatAttrs__sha1 |
|
|
| |||
threat__threatAttrs__sha256 |
|
|
| |||
threat__interpreterFileAttrs__name |
|
|
| |||
threat__interpreterFileAttrs__path |
|
|
| |||
threat__interpreterFileAttrs__md5 |
|
|
| |||
threat__interpreterFileAttrs__sha1 |
|
|
| |||
threat__interpreterFileAttrs__sha256 |
|
|
| |||
threat__severity |
|
|
| |||
threat__rank |
|
|
| |||
threat__score |
|
|
| |||
threat__detectionTags_str |
|
| threat__detectionTags | |||
threat__contentVersion |
|
|
| |||
tenant_id |
|
|
| |||
transaction_id |
|
|
| |||
hostchain |
|
|
| ✓ | ||
tag |
|
|
| ✓ | ||
rawMessage |
|
|
| ✓ |