Content Comparison

...

Note

HTTP Ingestions

Note that it is not possible to ingest data to CEF tables using the HTTP ingestion method.

List of technologies

...

Technology	Data table name
Akamai	cef0.akamai.akamai_siem ^{learn more}
Amazon Web Services	cef0.amazon* ^{learn more}
AnubisNetworks Cyberfeed	cef0.anubisnetworks.cyberfeed cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence
Akamai Logger	cef0.arcsight.logger ^{learn more}
AWN CyberSOC	cef0.cybersoc.incapsula cef0.cybersoc.servicedesk
AWS VPC Flow Log	cef0.aws.vpcFlow ^{learn more}
Barracuda Web Application Firewall	cef0.barracuda.waf ^{learn more}
Barracuda Networks	cef0.barracudanetworks ^{learn more}
Blue Coat Systems	cef0.bluecoat ^{learn more}
Carbon Black Protection	cef1.carbonBlack.protection ^{learn more}
Check Point	cef0.checkPoint.antiMalware ^{learn more} cef0.checkPoint.applicationControlAndUrlFiltering ^{learn more} cef0.checkPoint.compliance ^{learn more} cef0.checkPoint.contentAwareness ^{learn more} cef0.checkPoint.endpointManagement ^{learn more} cef0.checkPoint.fde ^{learn more} cef0.checkPoint.firewall ^{learn more} cef0.checkPoint.mepp ^{learn more} cef0.checkPoint.newAntiVirus ^{learn moew} cef0.checkPoint.scheduledSystemUpdate ^{learn more} cef0.checkPoint.threatEmulation ^{learn more} cef0.checkPoint.threatExtraction ^{learn more} cef0.checkPoint.vpn1Firewall1AndContentAwareness ^{learn more} cef0.checkPoint.web_api ^{learn more} cef0.checkPoint.zeroPhishing ^{learn more}
Check Point Application Control	cef0.checkPoint.applicationControl ^{learn more}
Check Point dshield agent log	cef0.checkPoint.stormagent
Check Point Firewall	cef0.checkPoint.firewall1 cef0.checkPoint.fwm
Check Point Log Exporter	cef0.checkPoint.logUpdate (shown as cef0.check-point.log-update)
Check Point Security Compliance	cef0.checkPoint.complianceBlade cef0.checkPoint.cpmiClient
Check Point Security Gateway	cef0.checkPoint.httpsInspection cef0.checkPoint.logSystem cef0.checkPoint.securityGatewayManagement
Check Point Security Management Appliances	cef0.checkPoint.securityManagementServer
Check Point SmartDashboard	cef0.checkPoint.smartdashboard
Check Point SmartDefense	cef0.checkPoint.smartdefense
Check Point SmartView	cef0.checkPoint.smartviewMonitor cef0.checkPoint.smartviewTracker cef0.checkPoint.system cef0.checkPoint.systemMonitor
Check Point VPN Solutions	cef0.checkPoint.vpn1 cef0.checkPoint.vpn1EmbeddedConnector cef0.checkPoint.vpn1Firewall1 cef0.checkPoint.vpn1Firewall1Smartdefense
Cisco ASA	cef0.cisco.asa
Cisco Email Security	cef0.cisco.ironport
Cisco FWSM	cef0.cisco.fwsm
Cisco Intrusion Detection System	cef0.cisco.ciscoIntrusionPreventionSystem
Cisco Meraki Access Point	cef0.cisco.merakiAccessPoint ^{learn more}
Cisco NX-OS Software	cef0.cisco.nxOs
Cisco routers	cef0.cisco.ciscorouter
Cisco Secure Access Control System	cef0.cisco.ciscoSecureAcs
Cisco/Sourcefire FireSIGHT System Event Streamer (eStreamer)	cef0.sourcefire.sourcefireManagemeentConsoleEstreamer
Crowdstrike Falcon Host	cef0.crowdstrike.falconhost
CyberArk Enterprise Password Vault	cef0.cyberArk.vault
Cybereason	cef0.cybereason.* ^{learn more}
F5 ASM	cef0.f5.asm ^{learn more}
F5 BIG-IP Application Services	cef0.f5.bigIp
Fireeye Email Security	cef0.fireeye.emps cef0.fireeye.mps
Forcepoint Data Loss Prevention	cef0.forcepoint.forcepointDlp
Forcepoint Firewall	cef0.forcepoint.firewall
Forcepoint Web Security	cef0.forcepoint.security ^{learn more}
Forescout CounterACT	cef0.forescout.counteract cef0.forescoutTechnologies.counteract ^{learn more}
Fortinet FortiGate	cef0.fortinet.fortigate60e ^{learn more} cef0.fortinet.fortigate300d ^{learn more} cef0.fortinet.fortigate600e ^{learn more} cef0.fortinet.fortigate400e ^{learn more} cef0.fortinet.fortigate200e ^{learn more}
Fortinet FortiNAC	cef0.fortinet.fortinacVmCa ^{learn more}
IBM AS/400	cef0.ibm.as400
IBM Guardium	cef0.ibm.guardium ^{learn more}
IBM Security	cef0.ibm.securityAccessManager ^{learn more}
Imperva Attack Analytics	cef0.impervaInc.attackAnalytics ^{learn more}
Imperva SecureSphere MX Management Server	cef0.impervaMx.securesphere
Infoblox Network Identity Operating System	cef0.infoblox.nios
Ipswitch Secure File Transfer Software	cef0.ipswitch.sftp
Juniper Junos OS	cef0.juniper.junos
Juniper NetScreen Security	cef0.juniper.netscreenVpn
Juniper Network & Security Manager	cef0.juniper.nsm
Juniper ScreenOS Firewall	cef0.netscreen.firewallVpn
Juniper SSL VPN	cef0.juniper.juniperSsl
Kaspersky	cef0.kaspersky.kaspersky ^{learn more} cef0.kasperskylab.securitycenter ^{learn more} cef0.kaspersky.securityCenter ^{learn more} cef0.kaspersky.securityCenterNetworkAgent ^{learn more} cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition ^{learn more} cef0.kaspersky.kasperskyEndpointSecurityForWindows ^{learn more}
Lumension Endpoint Management and Security	cef0.lumension.lumension
Malwarebytes	cef0.malwarebytes.malwarebytes-endpoint-protection ^{learn more}
McAfee ePolicy Orchestrator (McAfee ePO)	cef0.mcafee.epolicyOrchestrator
McAfee Host Intrusion Prevention	cef0.mcafee.hostIntrusionPrevention
McAfee Next Generation Firewall	cef0.mcafee.firewall
McAfee Secure Internet Gateway	cef0.mcafee.secureInternetGateway
Micro Focus ArcSight	cef0.arcsight.arcsight cef0.arcsight.cpmiClient cef0.arcsight.firewall cef0.arcsight.firewall1 cef0.arcsight.logger cef0.arcsight.panOs cef0.arcsight.smartdashboard cef0.arcsight.smartdefense cef0.arcsight.smartviewTracker cef0.arcsight.unityone cef0.arcsight.vpn1Firewall1
Microsoft Cloud App Security	cef0.mcas.siemAgent ^{learn more}
Microsoft DNS trace log	cef0.microsoft.dnsTraceLog
Microsoft Defender ATP (now Microsoft Defender for Endpoint).	cef0.microsoft.windowsDefenderAtp ^{learn more}
Microsoft Exchange Server	cef0.microsoft.exchangeServer
Microsoft Forefront Protection	cef0.microsoft.forefrontProtection
Microsoft Forefront Threat Management Gateway (formerly Microsoft ISA Server)	cef0.microsoft.isaServer
Microsoft IIS	cef0.microsoft.internetInformationServer
Microsoft Network Policy Server	cef0.microsoft.nps
Microsoft SQL Server	cef0.microsoft.sqlServer
Microsoft System Center Configuration Manager (Forefront Endpoint Connection)	cef0.microsoft.sccm_fep
Microsoft system events	cef0.microsoft.systemOrApplicationEvent
Microsoft Windows	cef0.microsoft.microsoftWindows
Nagios Network Monitoring	cef0.nagios.nagios
Palo Alto Networks PAN-OS	cef0.paloAltoNetworks.cortexXdrAgent ^{learn more} cef0.paloAltoNetworks.panOs^{learn more} cef0.paloAltoNetworks.lf^{learn more} cef0.paloAltoNetworks.paloAltoNetworksCortexXsoar^{learn more}
Powertech SIEM Agent	cef0.powertech.siemAgent
Preempt Behavioral Firewall	cef0.preemptsecurity.pbf
Proofpoint Messaging Security Gateway	cef0.proofpoint.messagingSecurityGateway
Qualys	cef0.qualys.qualys
RSA Identity Management and Governance	cef0.rsa.identityManagementService
SAP - Security Audit Log	cef0.sap.securityAuditLog
Snort Intrusion Detection (Open source)	cef0.snort.snort
SonicWall	cef0.sonicwall ^{learn more}
Sophos Anti-Virus	cef0.sophos.sophosAntiVirus
Sophos XG firewall	cef0.sophos.xg ^{learn more}
Stonesoft Firewall	cef0.stonesoft.alert cef0.stonesoft.firewall cef0.stonesoft.ips cef0.stonesoft.stonegate
Symantec	cef0.symantec.symantec
Symantec Data Loss Prevention	cef0.symantec.dlp
Symantec Email Security	cef0.symantec.mailSecurityAppliance
Symantec Endpoint Protection Mobile	cef0.symantec.symantecEndpointProtectionMobile
Symantec ProxySG (formerly by Blue Coat Systems)	cef0.bluecoat.proxyAv cef0.blueCoat.proxySg cef0.blueCoat.proxySgNavegacion
Trend Micro Control Manager	cef0.trendMicro.controlManager cef0.trendMicro.deepSecurityAgent cef0.trendMicro.deepSecurityManager
Trend Micro Deep Discovery Analyzer	cef0.trendMicro.deepDiscoveryAnalyzer ^{learn more}
Trend Micro TippingPoint Unity One IPS	cef0.trendMicro.deepDiscoveryDirector
Trend Micro XDR	cef0.trendmicro.xdr ^{learn more}
Tripwire Enterprise	cef0.tripwire.enterprise
Unix Sendmail	cef0.unix.sendmail
VMware ESX	cef0.vmware.esx
Watchguards XTM 11.x.x.	cef0.watchguards.xtm330 ^{learn more}
Websense (now part of Forcepoint)	cef0.websense.security
Zscaler	cef0.zscaler.nssweblog ^{learn more} cef0.zscaler.nssfwlog ^{learn more}

Sending data to Devo

In order to start sending data CEF data can be sent directly to Devo using these tags, you must configure some parameters. Go to Policies → Common Objects → Other → Syslog Configuration and enter the following data. Click here for more info.

...

Configuration

...

Detail

...

Server Name

USA - collector-us.devo.io
GCP (Spain) - es.elb.relay.logtrust.net
EU - eu.elb.relay.logtrust.net

...

Devo endpoints

...

or by using a relay. To use the CEF default relay rule, send to the relay’s port 13000.

To send the data directly, configure your data source to send to the Devo event load balancer.

Configuration	Detail
Server Port	443
Transport	TSL
Event formart	CEF0
Private key	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → Access Keys
Credentials	Access Keys
Certificate	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates
Credentials	X.509 Certificates.
Chain	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates.

...

Version	Old Version 18	New Version Current
Changes made by	Juan Tomás Alonso Nieto	Laszlo Frazer
Saved on	Nov 02, 2023	Feb 03, 2025

Content Comparison

Versions Compared

Key

List of technologies

Sending data to Devo