...
How is the data sent to Devo?
Cyberfeed events are sent to Devo in CEF syslog format, either directly or through a Devo Relay. To use the relay's default CEF rule, point the sender at the relay's port 13000. Learn more about the CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
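The following is an added example, not code from Devo or AnubisNetworks, showing what a sender has to produce for the relay's CEF rule and how the custom fields land in the columns listed in the tables below: it builds a CEF:0 line with the correct header and extension escaping, wraps it in a syslog frame for TCP delivery to port 13000, and parses it back into the column names the tables use (cs1 to trojanFamily, cn1 to geoEnvRemoteAddrASNNumber, and so on). The sample event, the signature ID and name, the relay host, the syslog PRI value, and the treatment of cn1..cn3 as numbers are all assumptions made for the example.

```python
# Added example (not Devo's or AnubisNetworks' code): build, frame and parse
# Cyberfeed events in CEF syslog format. Sample values are constructed.
import re
import socket
from datetime import datetime, timezone

# CEF custom-field keys -> Devo column names, from the "Source field name"
# column of the cef0.anubisnetworks.* tables on this page.
CUSTOM_FIELD_MAP = {
    "cs1": "trojanFamily",
    "cs2": "geoEnvRemoteAddrASNName",
    "cs3": "geoEnvRemoteAddrCountryName",
    "cs4": "geoEnvRemoteAddrCountryCode",
    "cs5": "geoEnvRemoteAddrRegion",
    "cs6": "geoEnvRemoteAddrCity",
    "cn1": "geoEnvRemoteAddrASNNumber",
    "cn2": "geoEnvRemoteAddrLongitude",
    "cn3": "geoEnvRemoteAddrLatitude",
}
HEADER_COLUMNS = ("embDeviceVendor", "embDeviceProduct", "deviceVersion",
                  "signatureID", "name", "severity")  # after the CEF:0 prefix
_HEADER_RE = re.compile(r"((?:\\.|[^|\\])*)\|")   # one header field, '\|' allowed
_KEY_RE = re.compile(r"(?:^|\s+)(\w+)=")          # start of an extension key

def _escape_header(value):   # header fields escape backslash and pipe
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _escape_extension(value):  # extension values escape backslash, '=' and newlines
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def build_cef(vendor, product, version, signature_id, name, severity, extension):
    """Serialise one event: 7 pipe-separated header fields, then key=value pairs."""
    header = "|".join(_escape_header(v) for v in
                      ("CEF:0", vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"{header}|{ext}"

def _split_header(line):
    """Take the 7 header fields honouring '\\|' escapes; the rest is the extension."""
    fields, pos = [], 0
    for _ in range(7):
        m = _HEADER_RE.match(line, pos)
        if not m:
            raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    return fields, line[pos:]

def _parse_extension(ext):
    """A value runs until the next whitespace-preceded key=, so an escaped
    '\\=' inside a value (URLs, cookies) never starts a new key."""
    keys = list(_KEY_RE.finditer(ext))
    parsed = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        parsed[m.group(1)] = _unescape(ext[m.end():end])
    return parsed

def parse_cef(line):
    """Parse a CEF line into a dict keyed by the column names used in the tables."""
    header, ext = _split_header(line)
    prefix, _, version = header[0].partition(":")
    if prefix != "CEF":
        raise ValueError("not a CEF line")
    event = {"cefVersion": int(version), **dict(zip(HEADER_COLUMNS, header[1:]))}
    if event["severity"].isdigit():
        event["severity"] = int(event["severity"])
    for key, value in _parse_extension(ext).items():
        if key.endswith("Label"):
            continue  # csNLabel/cnNLabel: Devo uses the fixed names above instead
        if key in CUSTOM_FIELD_MAP and key.startswith("cn"):
            value = float(value) if "." in value else int(value)  # numeric, assumed
        event[CUSTOM_FIELD_MAP.get(key, key)] = value
    event["rawMessage"] = line
    return event

def syslog_frame(cef_line, hostname, app="cyberfeed", when=None, pri=13):
    """RFC 3164 syslog framing (PRI 13 = user.notice, assumed) plus the newline
    a TCP syslog relay needs to delimit records."""
    when = when or datetime.now(timezone.utc)
    return f"<{pri}>{when:%b} {when.day:2d} {when:%H:%M:%S} {hostname} {app}: {cef_line}\n".encode()

def send_to_relay(frame, relay_host, relay_port=13000):
    """Deliver one framed event to the relay's default CEF rule on port 13000."""
    with socket.create_connection((relay_host, relay_port), timeout=5) as sock:
        sock.sendall(frame)

# Constructed sample event (documentation IP ranges and ASN).
SAMPLE_EVENT = {
    "src": "203.0.113.45", "spt": 51234, "dst": "198.51.100.7", "dpt": 80, "proto": "TCP",
    "request": "http://sinkhole.example/gate.php?id=1", "cs1": "Example.Bot",
    "cs2": "EXAMPLE-AS", "cs3": "Portugal", "cs4": "PT", "cs5": "Lisboa", "cs6": "Lisbon",
    "cn1": 64496, "cn2": -9.1393, "cn3": 38.7223,
}
SAMPLE_LINE = build_cef("AnubisNetworks", "Cyberfeed", "1.0", "sinkhole-hit",
                        "Sinkhole callback", 7, SAMPLE_EVENT)
SAMPLE_FRAME = syslog_frame(SAMPLE_LINE, "sensor01",
                            when=datetime(2024, 1, 5, 12, 0, 0, tzinfo=timezone.utc))
```

Running `parse_cef(SAMPLE_LINE)` returns the geo and malware-family values under the table column names rather than under cs1..cn3, and `send_to_relay(SAMPLE_FRAME, "<relay host>")` pushes the framed line to the relay's port 13000. Fields the page lists without a custom-field mapping (src, dpt, request, and so on) are kept under their CEF key as strings; the `\=` inside the sample request URL is the case that breaks naive `split("=")` parsers.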
Table structure
These are the fields displayed in these tables:
cef0.anubisnetworks.cyberfeed
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
selfDomain | | | |
cat | | | |
trojanFamily | | cs1 | |
geoEnvRemoteAddrASNName | | cs2 | |
geoEnvRemoteAddrCountryName | | cs3 | |
geoEnvRemoteAddrCountryCode | | cs4 | |
geoEnvRemoteAddrRegion | | cs5 | |
geoEnvRemoteAddrCity | | cs6 | |
geoEnvRemoteAddrASNNumber | | cn1 | |
geoEnvRemoteAddrLongitude | | cn2 | |
geoEnvRemoteAddrLatitude | | cn3 | |
dhost | | | |
dst | | | |
dpt | | | |
end | | | |
fsize | | | |
msg | | | |
proto | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
spt | | | |
src | | | |
suser | | | |
antivirus | | | |
args | | | |
attc | | | |
avgsCurIpa | | | |
avgsCurIpc | | | |
avgsOldIpa | | | |
avgsOldIpc | | | |
avgsOldSeen | | | |
bad | | | |
class | | | |
dataExtUris | | | |
dataHelo | | | |
dataHSender | | | |
dataMailFrom | | | |
dataPTR | | | |
dataRemoteSysFlavor | | | |
dataRemoteSysLinkType | | | |
dataRemoteSysOS | | | |
dataSpike | | | |
dataUnknownSMTPCmdsCount | | | |
dataUris | | | |
domains | | | |
endDate | | | |
flags | | | |
good | | | |
ham | | | |
hits | | | |
httpXFF | | | |
lnkFrom | | | |
lnkFromSig | | | |
lnkTo | | | |
paction | | | |
payload0ResultActive | | | |
payload0ResultCtime | | | |
payload0ResultDups | | | |
payload0ResultH1 | | | |
payload0ResultH2 | | | |
payload0ResultH3 | | | |
payload0ResultH4 | | | |
payload0ResultHash | | | |
payload0ResultHit | | | |
payload0ResultOhash | | | |
payload0ResultOsig | | | |
payload0ResultReply | | | |
payload0ResultSz | | | |
payload0ResultWeight | | | |
payload0ResultWords | | | |
payload14Data | | | |
payload15ResultPatternsHits | | | |
payload16ResultUris | | | |
payload4Data | | | |
payload4ResultHit | | | |
payload4ResultReply | | | |
payloadFullurisData | | | |
payloadHashdb2ResultReply | | | |
payloadHashdb2Txtdata | | | |
payloadHashdbResultReply | | | |
payloadHashdbTxtdata | | | |
payloadMailsigsResultReply | | | |
payloadMailsigsTextdata | | | |
payloadMsnwData | | | |
payloadTawlData | | | |
payloadTemplatesData | | | |
payloadTemplatesResultReply | | | |
payloadUriblData | | | |
permalink | | | |
points | | | |
qtype | | | |
reqid | | | |
sd | | | |
signatures | | | |
snort | | | |
spam | | | |
tags | | | |
targetCategory | | | |
targetMd5 | | | |
targetSha1 | | | |
targetSha256 | | | |
targetType | | | |
thits | | | |
tmpl | | | |
urisdata | | | |
yara | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
selfDomain | | | |
cat | | | |
trojanFamily | | cs1 | |
geoEnvRemoteAddrASNName | | cs2 | |
geoEnvRemoteAddrCountryName | | cs3 | |
geoEnvRemoteAddrCountryCode | | cs4 | |
geoEnvRemoteAddrRegion | | cs5 | |
geoEnvRemoteAddrCity | | cs6 | |
geoEnvRemoteAddrASNNumber | | cn1 | |
geoEnvRemoteAddrLongitude | | cn2 | |
geoEnvRemoteAddrLatitude | | cn3 | |
dhost | | | |
dst | | | |
dpt | | | |
end | | | |
fsize | | | |
msg | | | |
proto | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
spt | | | |
src | | | |
suser | | | |
antivirus | | | |
args | | | |
attc | | | |
avgsCurIpa | | | |
avgsCurIpc | | | |
avgsOldIpa | | | |
avgsOldIpc | | | |
avgsOldSeen | | | |
bad | | | |
class | | | |
dataExtUris | | | |
dataHelo | | | |
dataHSender | | | |
dataMailFrom | | | |
dataPTR | | | |
dataRemoteSysFlavor | | | |
dataRemoteSysLinkType | | | |
dataRemoteSysOS | | | |
dataSpike | | | |
dataUnknownSMTPCmdsCount | | | |
dataUris | | | |
domains | | | |
endDate | | | |
flags | | | |
good | | | |
ham | | | |
hits | | | |
httpXFF | | | |
lnkFrom | | | |
lnkFromSig | | | |
lnkTo | | | |
paction | | | |
payload0ResultActive | | | |
payload0ResultCtime | | | |
payload0ResultDups | | | |
payload0ResultH1 | | | |
payload0ResultH2 | | | |
payload0ResultH3 | | | |
payload0ResultH4 | | | |
payload0ResultHash | | | |
payload0ResultHit | | | |
payload0ResultOhash | | | |
payload0ResultOsig | | | |
payload0ResultReply | | | |
payload0ResultSz | | | |
payload0ResultWeight | | | |
payload0ResultWords | | | |
payload14Data | | | |
payload15ResultPatternsHits | | | |
payload16ResultUris | | | |
payload4Data | | | |
payload4ResultHit | | | |
payload4ResultReply | | | |
payloadFullurisData | | | |
payloadHashdb2ResultReply | | | |
payloadHashdb2Txtdata | | | |
payloadHashdbResultReply | | | |
payloadHashdbTxtdata | | | |
payloadMailsigsResultReply | | | |
payloadMailsigsTextdata | | | |
payloadMsnwData | | | |
payloadTawlData | | | |
payloadTemplatesData | | | |
payloadTemplatesResultReply | | | |
payloadUriblData | | | |
permalink | | | |
points | | | |
qtype | | | |
reqid | | | |
sd | | | |
signatures | | | |
snort | | | |
spam | | | |
tags | | | |
targetCategory | | | |
targetMd5 | | | |
targetSha1 | | | |
targetSha256 | | | |
targetType | | | |
thits | | | |
tmpl | | | |
urisdata | | | |
yara | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |