Introduction
The tags beginning with cef0.bit9CarbonblackJson identify events in CEF format generated by Barracuda Carbon Black Bit9 Security Platform.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
...
cef0.bit9CarbonblackJson.cbResponse
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
dhost | | | |
dntdom | | | |
dpid | | | |
dproc | | | |
dst | | | |
dpt | | | |
dvchost | | | |
shost | | | |
type | | | |
hostchain | | | ✓ |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |