Content Comparison

Versions Compared

Version	Old Version 1	New Version Current
Changes made by	Borja Moro Moreno (Unlicensed)	Aditya Bahukhandi
Saved on	Aug 22, 2023	Jan 13, 2025

Key

This line was added.
This line was removed.
Formatting was changed.

...

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables
Menlo Security Browser Isolation (inside the Menlo Security Cloud Platform)	`rbi.menlo.attachment`	`rbi.menlo.attachment`
	`rbi.menlo.audit`	`rbi.menlo.audit`
	`rbi.menlo.email`	`rbi.menlo.email`
	`rbi.menlo.smtp`	`rbi.menlo.smtp`
	`rbi.menlo.web`	`rbi.menlo.web`

For more information, read more About Devo tags.

...

These are the fields displayed in these tables:

rbi.menlo.attachment

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
product	`str`
rvlabs_factor	`str`
vendor	`str`
rewritten	`str`
event_time	`timestamp`
file_type	`str`
bytes	`str`
name	`str`
message_tid	`str`
reason	`str`
version	`str`
email_date	`str`
sha256	`str`
message_id	`str`
mime_type	`str`
severity	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

rbi.menlo.audit

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
product	`str`
vendor	`str`
uid	`str`
event_time	`timestamp`
name	`str`
version	`str`
audit_actions	`str`
sub_event_type	`str`
rev_id	`str`
severity	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

rbi.menlo.email

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
domain	`str`
vendor	`str`
rewritten	`str`
event_time	`timestamp`
message_tid	`str`
charset	`str`
product	`str`
name	`str`
url	`str`
reason	`str`
version	`str`
email_date	`str`
message_id	`str`
severity	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

rbi.menlo.smtp

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
severity	`str`
smtp_reply	`str`
time_handoff_down	`float8`
total_links	`int4`
rows	`int4`
from2	`str`
next_hop_reason	`str`
event_time	`timestamp`
src_tls	`str`
hostname2	`str`
src_ip	`ip4`
to	`str`
version	`str`
message_id	`str`
product	`str`
vendor	`str`
timestamp	`timestamp`
src_port	`str`
reason	`str`
dst_tls	`str`
rewritten_links	`int4`
time_taken	`float8`
rewrite_success	`str`
time_handoff_up	`float8`
name	`str`
message_tid	`str`
region	`str`
unix_time	`str`
unix_time_iso	`timestamp`
mode	`str`
dst_ip	`ip4`
dst_from_port	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

rbi.menlo.web

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
top_url	`str`
domain	`str`
protocol	`str`
risk_tally	`str`
is_iframe	`str`
origin_ip	`ip4`
has_password	`str`
file_size	`str`
threat_types_string	`str`
threat_types_array	`[str]`
threat_types	`str`
browser_and_version	`str`
user_agent	`str`
egress_ip	`ip4`
severity	`str`
event_time	`timestamp`
dst	`ip4`
destination_ip	`str`
destination_ip_array	`[str]`
destination_string	`str`
filename	`str`
risk_score	`str`
version	`str`
soph_dlp_ref	`str`
xff_ip	`str`
product	`str`
vendor	`str`
request_type	`str`
tab_id	`str`
pe_reason	`str`
categories_string	`str`
categories_array	`[str]`
categories	`str`
x_client_ip	`ip4`
name	`str`
url	`str`
response_code	`str`
userid	`str`
full_session_id	`str`
pe_action	`str`
ua_type	`str`
content_type	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓