Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The tags beginning with cef0.thycotic.applicationControlSolutiontippingpoint identify events in CEF format generated by Anomali ThreatStream Threat Intelligence Management belonging to Anomali.

...

Field | Type | Source field name | Extra fields

eventdate

timestamp

 

hostnamerawMessage

str

hostchain

priority_code

hostchain

str

 

cef_tagpriorityCode

str

 

cef_versioncefTag

str

 

emb_device_vendorcefVersion

str

 

emb_device_productembDeviceVendor

str

 

device_versionembDeviceProduct

str

 

signature_iddeviceVersion

str

 

namesignatureID

str

 

severityname

str

 

external_idseverity

str

 

computer_idcefVer

str

 

computer_nameact

str

 

event_received_by_serverapp

str

 

file_idcn1Label

str

 

file_namecn1

strint8

 

file_pathcn2Label

str

 

policy_namecn2

strint8

 

usernamecnt

strint4

 

hostchaincs2Label

str

 

tagcs2

str

 cef_tag

rawMessage

str

 ✓cs3Label

str

cs3 | str
cs4Label | str
cs4 | str
cs5Label | str
cs5 | str
cs6Label | str
cs6 | str
deviceInboundInterface | str
deviceOutboundInterface | str
dst | ip4
dvchost | str
dvc | ip4
externalId | str
proto | str
rt | timestamp
spt | int4
src | ip4
agt | ip4
ahost | str
aid | str
arcSightEventPath | str
art | str
assetCriticality | int4
at | str
atz | str
av | str
catdt | str
categoryBehavior | str
categoryDeviceGroup | str
categoryObject | str
categoryOutcome | str
categorySignificance | str
categoryTechnique | str
customerID | str
customerURI | str
destinationAssetId | str
destinationGeoCountryCode | str
destinationGeoLocationInfo | str
destinationGeoPostalCode | str
destinationGeoRegionCode | str
destinationZoneExternalID | str
destinationZoneID | str
destinationZoneURI | str
deviceSeverity | str
deviceZoneID | str
deviceZoneURI | str
dlat | float8
dlong | float8
dpt | int4
dtz | str
eventAnnotationAuditTrail | str
eventAnnotationEndTime | timestamp
eventAnnotationEventId | str
eventAnnotationFlags | str
eventAnnotationManagerReceiptTime | timestamp
eventAnnotationModificationTime | timestamp
eventAnnotationStageID | str
eventAnnotationStageUpdateTime | timestamp
eventAnnotationStageURI | str
eventAnnotationVersion | int4
eventId | str
locality | int4
modelConfidence | int4
mrt | timestamp
priority | int4
relevance | int4
slat | float8
slong | float8
sourceAssetId | str
sourceGeoCountryCode | str
sourceGeoLocationInfo | str
sourceGeoPostalCode | str
sourceGeoRegionCode | str
sourceZoneExternalID | str
sourceZoneID | str
sourceZoneURI | str
type | int4
tag | str | cefTag