Introduction
Tags beginning with auth.pingjumpcloud identify events generated by PingIdentity JumpCloud.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed asauth.pingjumpcloud. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
...
Technology
...
Brand
...
Type
...
Subtype
...
auth
...
ping
...
id
...
mfa
...
...
security_audit
These are the valid tags and corresponding data tables that will receive the parsers' data:
...
Tag
...
Data table
...
auth.ping.id.mfa
...
auth.ping.id.mfa
...
auth.ping.federate.security_audit
...
auth.ping.federate.security_audit
...
...
Field | Value | Extra field |
eventdate | timestamp
| - |
hostname | str
| - |
action | str
| - |
actors__type_str | str
| - |
actors__id_str | str
| - |
actors__name_str | str
| - |
source | str
| - |
id | str
| - |
client2 | str
| - |
result__status | str
| - |
result__message | str
| - |
recorded | str
| -Product / Service | Tags | Data tables |
|---|
JumpCloud | auth.jumpcloud.all.events
| auth.jumpcloud.all.events
| Note |
|---|
Union table This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. |
|
auth.jumpcloud.directory.events
| auth.jumpcloud.directory.events
|
auth.jumpcloud.ldap.events
| auth.jumpcloud.ldap.events
|
auth.jumpcloud.mdm.events
| auth.jumpcloud.mdm.events
|
auth.jumpcloud.radius.events
| auth.jumpcloud.radius.events
|
auth.jumpcloud.software.events
| auth.jumpcloud.software.events
|
auth.jumpcloud.sso.events
| auth.jumpcloud.sso.events
|
auth.jumpcloud.systems.events
| auth.jumpcloud.systems.events
|
For more information, read more About Devo tags.
Table structure
These are the fields displayed in these tables:
| Rw ui tabs macro |
|---|
| Anchor |
|---|
| auth.jumpcloud.directory.events |
|---|
| auth.jumpcloud.directory.events |
|---|
|
auth.jumpcloud.directory.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__email | str
| | initiated_by__username | str
| | initiated_by__source | str
| | initiated_by__source_metadata__name | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__region_code | str
| | geoip__longitude | float8
| | resource__id | str
| | resource__type | str
| | resource__username | str
| | changes | str
| | auth_method | str
| | auth_context__system__hostname | str
| | auth_context__system__os | str
| | auth_context__system__display_name | str
| | auth_context__system__id | str
| | auth_context__system__version | str
| | success | bool
| | mfa | bool
| | event_type | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | client_ipv6 | ip6
| | id | str
| | user_agent__patch | str
| | user_agent__minor | str
| | user_agent__os | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | association__type | str
| | association__id | str
| | association__email | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.ldap.events |
|---|
| auth.jumpcloud.ldap.events |
|---|
|
auth.jumpcloud.ldap.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | err | str
| | error_message | str
| | initiated_by__type | str
| | initiated_by__username | str
| | initiated_by__email | str
| | start_tls | bool
| | tls_established | bool
| | dn | str
| | mech | str
| | auth_method | str
| | event_type | str
| | connection_id | str
| | port | str
| | success | bool
| | service | str
| | organization | str
| | at_version | str
| | error_code | str
| | id | str
| | oid | str
| | base | str
| | scope | str
| | filter | str
| | operation_number | str
| | username | str
| | timestamp | timestamp
| | deref | int4
| | operation_type | str
| | number_of_results | int4
| | attr | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.mdm.events |
|---|
| auth.jumpcloud.mdm.events |
|---|
|
auth.jumpcloud.mdm.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | mdm_type | str
| | request_type | str
| | mdm_device_id | str
| | mdm_device_manager_id | str
| | command__request_type | str
| | command__payload | str
| | event_type | str
| | command_uuid | str
| | service | str
| | organization | str
| | at_version | str
| | error_chain | str
| | id | str
| | timestamp_str | str
| | timestamp | timestamp
| | status | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.radius.events |
|---|
| auth.jumpcloud.radius.events |
|---|
|
auth.jumpcloud.radius.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__email | str
| | id | str
| | nas_mfa_state | str
| | auth_type | str
| | eap_type | str
| | client_ip | ip4
| | client_ipv6 | ip6
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__region_code | str
| | geoip__longitude | float8
| | service | str
| | success | bool
| | username | str
| | organization | str
| | error_message | str
| | mfa | bool
| | outer__eap_type | str
| | outer__error_message | str
| | outer__username | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.software.events |
|---|
| auth.jumpcloud.software.events |
|---|
|
auth.jumpcloud.software.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | system__hostname | str
| | system__id | str
| | event_type | str
| | application__path | str
| | application__uninstall_string | str
| | application__name | str
| | application__publisher | str
| | application__version | str
| | resource__id | str
| | resource__type | str
| | provider | str
| | service | str
| | organization | str
| | changes | str
| | id | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| auth.jumpcloud.sso.events |
|---|
| auth.jumpcloud.sso.events |
|---|
|
auth.jumpcloud.sso.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__username | str
| | error_message | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__longitude | float8
| | geoip__region_code | str
| | sso_token_success | bool
| | auth_context__policies_applied | str
| | auth_context__system__hostname | str
| | auth_context__system__os | str
| | auth_context__system__display_name | str
| | auth_context__system__id | str
| | auth_context__system__version | str
| | mfa | bool
| | event_type | str
| | application__name | str
| | application__id | str
| | application__sso_url | str
| | application__display_label | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | client_ipv6 | ip6
| | idp_initiated | bool
| | id | str
| | user_agent__patch | str
| | user_agent__os | str
| | user_agent__minor | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | timestamp_str | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
|
...
...
...
...
...
...
...
...
systems.eventsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | initiated_by__id | str
| | initiated_by__type | str
| | initiated_by__username | str
| | error_message | str
| | geoip__country_code | str
| | geoip__timezone | str
| | geoip__latitude | float8
| | geoip__continent_code | str
| | geoip__region_name | str
| | geoip__longitude | float8
| | geoip__region_code | str
| | sso_token_success | bool
| | auth_context__policies_applied | str
| | mfa | bool
| | event_type | str
| | application__name | str
| | application__id | str
| | application__sso_url | str
| | provider | str
| | service | str
| | organization | str
| | at_version | str
| | client_ip | ip4
| | idp_initiated | bool
| | id | str
| | user_agent__patch | str
| | user_agent__os | str
| | user_agent__minor | str
| | user_agent__major | str
| | user_agent__build | str
| | user_agent__name | str
| | user_agent__os_name | str
| | user_agent__device | str
| | timestamp_str | str
| | timestamp | timestamp
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
|
