...

The full tag must have 3 levels. The first two are fixed as uba.exabeam, and the third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Exabeam Security Analytics | uba.exabeam.notables | uba.exabeam.notables |
| | uba.exabeam.skyformation | uba.exabeam.skyformation |

For more information, read About Devo tags.

...

These are the fields displayed in these tables:

uba.exabeam.notables

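| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| timestamp | str | |
| id | str | |
| score | str | |
| user | str | |
| src_ip | str | |
| dest_ip | str | |
| event_time | str | |
| event_type | str | |
| host | str | |
| rawlog_time | str | |
| time | str | |
| source | str | |
| vendor | str | |
| lockout_id | str | |
| session_id | str | |
| isp | str | |
| country_code | str | |
| session_order | str | |
| account | str | |
| failure_reason | str | |
| rule_id | str | |
| rule_name | str | |
| rule_description | str | |
| rule_reason | str | |
| src_host | str | |
| rawlog_refs | str | |
| alert_name | str | |
| local_asset | str | |
| outcome | str | |
| alert_type | str | |
| additional_info | str | |
| alert_id | str | |
| alert_severity | str | |
| url | str | |
| start_time | str | |
| end_time | str | |
| status | str | |
| accounts | str | |
| labels | str | |
| assets | str | |
| zones | str | |
| top_reasons | str | |
| reasons_count | str | |
| events_count | str | |
| alerts_count | str | |
| sequence_type | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |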

...