Content Comparison

...

How is the data sent to Devo?

CEF data can be sent directly to Devo or by using a relay. To use the CEF default relay rule, send to the relay’s port 13000. Learn more about CEF syslog format and how Devo tags these events in in Technologies supported in CEF syslog format.

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
rawMessage	`str`		✓
hostchain	`str`		✓
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
act	`str`
app	`str`
DispositionCode	`int8`	cn1
ScanDuration	`int8`	cn2
Policy	`str`	cs1
DynCat	`str`	cs2
ContentType	`str`	cs3
destinationTranslatedPort	`int4`
dhost	`str`
dpt	`int4`
dst	`ip4`
dvc	`ip4`
in	`int8`
out	`int8`
reason	`str`
requestClientApplication	`str`
requestMethod	`str`
request	`str`
rt	`timestamp`
spt	`int4`
src	`ip4`
suser	`str`
tag	`str`	cefTag	✓