For more information, read more About Devo tags.

Table structure

These are the fields displayed in these tables:

ips.mcafee.nsm

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| machine | str | | | |
| subtype | str | | vtype | |
| IV_ALERT_ID | str | | | |
| IV_ALERT_TYPE | str | | | |
| IV_ATTACK_TIME | timestamp | `parsedate(substring(IV_ATTACK_TIME_str, 0, 19), +".000", dateformat("YYYY-MM-DD HH:mm:ss.SSS", substring(IV_ATTACK_TIME_str, 20)))` | IV_ATTACK_TIME_str | |
| IV_ATTACK_NAME | str | | | |
| IV_ATTACK_ID | str | | | |
| IV_ATTACK_SEVERITY | str | | | |
| IV_ATTACK_SIGNATURE | str | | | |
| IV_ATTACK_CONFIDENCE | str | | | |
| IV_ADMIN_DOMAIN | str | | | |
| IV_SENSOR_NAME | str | | | |
| IV_INTERFACE | str | | | |
| IV_SOURCE_IP | ip4 | | | |
| IV_SOURCE_PORT | str | | | |
| IV_DESTINATION_IP | ip4 | | | |
| IV_DESTINATION_PORT | str | | | |
| IV_CATEGORY | str | | | |
| IV_SUB_CATEGORY | str | | | |
| IV_DIRECTION | str | | | |
| IV_RESULT_STATUS | str | | | |
| IV_DETECTION_MECHANISM | str | | | |
| IV_APPLICATION_PROTOCOL | str | | | |
| IV_NETWORK_PROTOCOL | str | | | |
| message | str | | | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |

ips.mcafee.nsm.audit

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| IV_AUDIT_ACTION | str | |
| IV_AUDIT_RESULT | str | |
| IV_AUDIT_TIME | str | |
| IV_AUDIT_MESSAGE | str | |
| IV_AUDIT_USER | str | |
| IV_AUDIT_CATEGORY | str | |
| IV_AUDIT_DOMAIN | str | |
| IV_AUDIT_DETAIL_COMMENT | str | |
| IV_AUDIT_DETAIL_DELTA | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

ips.mcafee.nsm.events

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| machine | str | | | |
| IV_ALERT_ID | str | | | |
| IV_ALERT_TYPE | str | | | |
| IV_ATTACK_TIME | timestamp | `parsedate(substring(IV_ATTACK_TIME_str, 0, 19), +".000", dateformat("YYYY-MM-DD HH:mm:ss.SSS", substring(IV_ATTACK_TIME_str, 20)))` | IV_ATTACK_TIME_str | |
| IV_ATTACK_NAME | str | | | |
| IV_ATTACK_ID | str | | | |
| IV_ATTACK_SEVERITY | str | | | |
| IV_ATTACK_SIGNATURE | str | | | |
| IV_ATTACK_CONFIDENCE | str | | | |
| IV_ADMIN_DOMAIN | str | | | |
| IV_SENSOR_NAME | str | | | |
| IV_INTERFACE | str | | | |
| IV_SOURCE_IP | ip4 | | | |
| IV_SOURCE_PORT | str | | | |
| IV_DESTINATION_IP | ip4 | | | |
| IV_DESTINATION_PORT | str | | | |
| IV_CATEGORY | str | | | |
| IV_SUB_CATEGORY | str | | | |
| IV_DIRECTION | str | | | |
| IV_RESULT_STATUS | str | | | |
| IV_DETECTION_MECHANISM | str | | | |
| IV_APPLICATION_PROTOCOL | str | | | |
| IV_NETWORK_PROTOCOL | str | | | |
| message | str | | | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |

ips.mcafee.nsm.fault

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| IV_ACK_INFORMATION | str | |
| IV_ADDITIONAL_TEXT | str | |
| IV_ADMIN_DOMAIN | str | |
| IV_DESCRIPTION | str | |
| IV_DEVICE_NAME | str | |
| IV_FAULT_COMPONENT | str | |
| IV_FAULT_LEVEL | str | |
| IV_FAULT_NAME | str | |
| IV_FAULT_SOURCE | str | |
| IV_FAULT_TIME | str | |
| IV_FAULT_TYPE | str | |
| IV_MEMBER_DEVICE_NAME | str | |
| IV_OWNER_ID | str | |
| IV_SEVERITY | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |