This group includes tags that start with the level box. These tags identify data generated by operating systems.
Company | Product / Service | Data tables |
|---|
- | - | | Note |
|---|
Union table - box.all.win This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. |
|
 Image Modified | IBM AS/400 | More information |
IBM z/OS | More information |
More information |
 Image Modified | UNIX audit | | Note |
|---|
Union table - box.audit.unix This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. |
box.audit.unix.audispd
box.audit.unix.auditd
box.audit.unix.goAudit
More information |
UNIX osquery | box.osquery.unix.info
box.osquery.unix.results
More information |
UNIX system logs | More information |
UNIX 8 system logs | More information |
CloudWatch logs on UNIX | More information |
UNIX stat logs | box.stat.unix.diskstat
box.stat.unix.dstatLt1
box.stat.unix.tags
More information |
 Image Modified | Devo Endpoint Agent | box.devo_ea
box.devo_ea.configuration
box.devo_ea.configuration.disk_info
box.devo_ea.configuration.groups
box.devo_ea.configuration.network
box.devo_ea.configuration.operating_system
box.devo_ea.configuration.system_info
box.devo_ea.configuration.users
box.devo_ea.configuration.win_software
box.devo_ea.detections
box.devo_ea.events_linux
box.devo_ea.events_windows
box.devo_ea.events_windows.application
box.devo_ea.events_windows.powershell
box.devo_ea.events_windows.security
box.devo_ea.events_windows.setup
box.devo_ea.events_windows.sysmon
box.devo_ea.events_windows.system
box.devo_ea.files
box.devo_ea.files.dhcp4_windows
box.devo_ea.files.dhcp6_windows
box.devo_ea.files.dns_windows
box.devo_ea.files.iis
box.devo_ea.inventories.sw_vulnerabilities
box.devo_ea.performance
box.devo_ea.performance.cpu_mem
box.devo_ea.performance.disk_io
box.devo_ea.performance.disk_usage
box.devo_ea.performance.disk_windows
box.devo_ea.performance.network
box.devo_ea.status
box.devo_ea.status.fim
box.devo_ea.status.listening_ports
box.devo_ea.status.process_open_sockets
box.devo_ea.status.processes
box.devo_ea.status.services_windows
box.devo_ea.status.users_loggedin
box.devo_ea.unknown
More information |
 Image Modified | Docker container logs | More information |
 Image Modified | Linux iptables | More information |
 Image Modified | macOS | More information |
macOS NXLog | More information |
 Image Modified | VMware | box.vmware.esx
box.vmware.firewall
box.vmware.vcenter
More information |
 Image Modified | Microsoft Azure | box.stat.azure.dstatLt1
box.stat.azure.tags
More information |
Windows events | | Note |
|---|
Deprecated parser Note that the box.win parser is deprecated and no longer supported by Devo. We recommend to use the corresponding box.win_* parser for your specific technology. Learn more about these parsers below in this table. |
More information |
Windows Classic | More information |
Windows CloudWatch | |
More information
Windows hf | box.win_hf
box.win_hf.application
box.win_hf.invalid
box.win_hf.other
box.win_hf.securityMore information |
Windows InTrust | More information |
Windows Kinesis Agent | More information |
Windows NXLog | box.win_nxlog
box.win_nxlog.adfs
box.win_nxlog.application
box.win_nxlog.dns
box.win_nxlog.group_policy
box.win_nxlog.invalid
box.win_nxlog.other
box.win_nxlog.powershell
box.win_nxlog.print
box.win_nxlog.remote_conn
box.win_nxlog.security
box.win_nxlog.smb
box.win_nxlog.sysmon
box.win_nxlog.system
box.win_nxlog.windows_powershell
More information |
WinQuest | More information |
Snare Windows Agent | More information |
SolarWinds | box.win_solarwinds
box.win_solarwinds.application
box.win_solarwinds.other
box.win_solarwinds.powershell
box.win_solarwinds.security
box.win_solarwinds.setup
box.win_solarwinds.system
More information |
Windows System Monitor (Sysmon) | More information |
Winlogbeat | box.win_winlogbeat
box.win_winlogbeat.adpwprotect
box.win_winlogbeat.application
box.win_winlogbeat.applocker
box.win_winlogbeat.authentication
box.win_winlogbeat.bitsClient
box.win_winlogbeat.codeintegrity
box.win_winlogbeat.deviceguard
box.win_winlogbeat.forwarding
box.win_winlogbeat.kernelPnp
box.win_winlogbeat.ntlm
box.win_winlogbeat.oalerts
box.win_winlogbeat.powershell
box.win_winlogbeat.security
box.win_winlogbeat.securityMitigations
box.win_winlogbeat.setup
box.win_winlogbeat.smb
box.win_winlogbeat.sysmon
box.win_winlogbeat.system
box.win_winlogbeat.taskscheduler
box.win_winlogbeat.terminalservices
box.win_winlogbeat.win32k
box.win_winlogbeat.windows_defender
box.win_winlogbeat.windows_firewall
box.win_winlogbeat.windowsupdateclient
box.win_winlogbeat.wmiActivity
More information |
Windows stat logs | box.stat.win.diskstat
box.stat.win.dstatLt1
box.stat.win.heartbeat
box.stat.win.tags
More information |
