Content Comparison

Table of Contents

maxLevel	2
minLevel	2
type	flat

Introduction

The tags beginning wirthcef0.arcsight identify events in CEF format generated by ArcSight.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

...

Tags

...

Data tables

...

cef0.arcsight.arcsight

...

cef0.arcsight.arcsight

...

cef0.arcsight.cpmiClient

...

cef0.arcsight.cpmiClient

...

cef0.arcsight.firewall

...

cef0.arcsight.firewall

...

cef0.arcsight.logger

...

cef0.arcsight.logger

...

cef0.arcsight.panOs

...

cef0.arcsight.panOs

...

cef0.arcsight.smartdashboard

...

cef0.arcsight.smartdashboard

...

cef0.arcsight.smartdefense

...

cef0.arcsight.smartdefense

...

cef0.arcsight.smartviewTracker

...

cef0.arcsight.smartviewTracker

...

cef0.arcsight.unityone

...

cef0.arcsight.unityone

...

cef0.arcsight.vpn1Firewall1

...

cef0.arcsight.vpn1Firewall1

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in these tables:

...

Rw tab

title	1-5

cef0.arcsight.arcsight
cef0.arcsight.cpmiClient
cef0.arcsight.firewall
cef0.arcsight.logger
cef0.arcsight.panOs

...

Field

...

Type

...

Source field name

...

Extra fields

...

eventdate

...

timestamp

...

priorityCode

...

str

...

cefTag

...

str

...

cefVersion

...

str

...

embDeviceVendor

...

str

...

embDeviceProduct

...

str

...

deviceVersion

...

str

...

signatureID

...

str

...

name

...

str

...

severity

...

str

...

_cefVer

...

str

...

cat

...

str

...

cn1Label

...

str

...

cn1

...

int8

...

cn2Label

...

str

...

cn2

...

int8

...

cn3Label

...

str

...

cn3

...

int8

...

cnt

...

int4

...

cs1Label

...

str

...

cs1

...

str

...

cs2Label

...

str

...

cs2

...

str

...

cs3Label

...

str

...

cs3

...

str

...

cs4Label

...

str

...

cs4

...

str

...

cs5Label

...

str

...

cs5

...

str

...

cs6Label

...

str

...

cs6

...

str

...

dhost

...

str

...

dst

...

ip4

...

duid

...

str

...

duser

...

str

...

dvchost

...

str

...

dvc

...

ip4

...

end

...

timestamp

...

fname

...

str

...

msg

...

str

...

rt

...

timestamp

...

shost

...

str

...

src

...

ip4

...

start

...

timestamp

...

suid

...

str

...

agentZoneURI

...

str

...

agt

...

ip4

...

ahost

...

str

...

aid

...

str

...

arcSightEventPath

...

str

...

art

...

str

...

assetCriticality

...

int4

...

at

...

str

...

atz

...

str

...

av

...

str

...

baseEventIds

...

str

...

catdt

...

str

...

categoryBehavior

...

str

...

categoryDeviceGroup

...

str

...

categoryObject

...

str

...

categoryOutcome

...

str

...

categorySignificance

...

str

...

categoryTechnique

...

str

...

customerID

...

str

...

customerURI

...

str

...

destinationAssetId

...

str

...

destinationGeoCountryCode

...

str

...

destinationGeoLocationInfo

...

str

...

destinationGeoRegionCode

...

str

...

destinationZoneID

...

str

...

destinationZoneURI

...

str

...

deviceAssetId

...

str

...

deviceFacility

...

str

...

deviceSeverity

...

str

...

deviceZoneID

...

str

...

deviceZoneURI

...

str

...

dlat

...

float8

...

dlong

...

float8

...

dpt

...

int4

...

dtz

...

str

...

eventAnnotationAuditTrail

...

str

...

eventAnnotationEndTime

...

timestamp

...

eventAnnotationEventId

...

str

...

eventAnnotationFlags

...

str

...

eventAnnotationManagerReceiptTime

...

timestamp

...

eventAnnotationModificationTime

...

timestamp

...

eventAnnotationStageID

...

str

...

eventAnnotationStageUpdateTime

...

timestamp

...

eventAnnotationStageURI

...

str

...

eventAnnotationVersion

...

int4

...

eventId

...

str

...

flexString1

...

str

...

generatorID

...

str

...

generatorURI

...

str

...

locality

...

int4

...

modelConfidence

...

int4

...

mrt

...

timestamp

...

priority

...

int4

...

relevance

...

int4

...

ruleThreadId

...

str

...

sessionId

...

str

...

slat

...

float8

...

slong

...

float8

...

sourceAssetId

...

str

...

sourceGeoCountryCode

...

str

...

sourceZoneID

...

str

...

sourceZoneURI

...

Table of Contents

maxLevel	2
minLevel	2
type	flat

Introduction

The tags beginning wirthcef0.arcsight identify events in CEF format generated by ArcSight.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

Tags	Data tables
`cef0.arcsight.arcsight`	`cef0.arcsight.arcsight`
`cef0.arcsight.cpmiClient`	`cef0.arcsight.cpmiClient`
`cef0.arcsight.firewall`	`cef0.arcsight.firewall`
`cef0.arcsight.logger`	`cef0.arcsight.logger`
`cef0.arcsight.panOs`	`cef0.arcsight.panOs`
`cef0.arcsight.smartdashboard`	`cef0.arcsight.smartdashboard`
`cef0.arcsight.smartdefense`	`cef0.arcsight.smartdefense`
`cef0.arcsight.smartviewTracker`	`cef0.arcsight.smartviewTracker`
`cef0.arcsight.unityone`	`cef0.arcsight.unityone`
`cef0.arcsight.vpn1Firewall1`	`cef0.arcsight.vpn1Firewall1`

How is the data sent to Devo?

CEF data can be sent directly to Devo or by using a relay. To use the CEF default relay rule, send to the relay’s port 13000. Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in these tables:

eventAnnotationStageURI

Rw ui tabs macro

Rw tab

title	1-5

cef0.arcsight.arcsight
cef0.arcsight.cpmiClient
cef0.arcsight.firewall
cef0.arcsight.logger
cef0.arcsight.panOs

Anchor
tag1
tag1
cef0.arcsight.arcsight

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cn3Label	`str`
cn3	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
cs3Label	`str`
cs3	`str`
cs4Label	`str`
cs4	`str`
cs5Label	`str`
cs5	`str`
cs6Label	`str`
cs6	`str`
dhost	`str`
dst	`ip4`
duid	`str`
duser	`str`
dvchost	`str`
dvc	`ip4`
end	`timestamp`
fname	`str`
msg	`str`
rt	`timestamp`
shost	`str`
src	`ip4`
start	`timestamp`
suid	`str`
agentZoneURI	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
baseEventIds	`str`
catdt	`str`
categoryBehavior	`str`
categoryDeviceGroup	`str`
categoryObject	`str`
categoryOutcome	`str`
categorySignificance	`str`
categoryTechnique	`str`
customerID	`str`
customerURI	`str`
destinationAssetId	`str`
destinationGeoCountryCode	`str`
destinationGeoLocationInfo	`str`
destinationGeoRegionCode	`str`
destinationZoneID	`str`
destinationZoneURI	`str`
deviceAssetId	`str`
deviceFacility	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dlat	`float8`
dlong	`float8`
dpt	`int4`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
flexString1	`str`
generatorID	`str`
generatorURI	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
ruleThreadId	`str`
sessionId	`str`
slat	`float8`
slong	`float8`
sourceAssetId	`str`
sourceGeoCountryCode	`str`
sourceZoneID	`str`
sourceZoneURI	`str`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor
tag2
tag2
cef0.arcsight.cpmiClient

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor
tag3
tag3
cef0.arcsight.firewall

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
rawMessage	`str`		✓
hostchain	`str`		✓
tag	`str`	cefTag	✓

Anchor
tag4
tag4
cef0.arcsight.logger

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor
tag5
tag5
cef0.arcsight.panOs

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Rw tab

title	6-10

cef0.arcsight.smartdashboard
cef0.arcsight.smartdefense
cef0.arcsight.smartviewTracker
cef0.arcsight.unityone
cef0.arcsight.vpn1Firewall1

Anchor
tag6
tag6
cef0.arcsight.smartdashboard

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor

tag2

tag7

tag2

tag7
cef0.arcsight.

cpmiClient

smartdefense

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor

tag3

tag8

tag3

tag8
cef0.arcsight.

firewall

smartviewTracker

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`

rawMessage


tag	`str`

cefTag

✓

hostchain

rawMessage

str

✓

tag

hostchain

str

cefTag

✓

Anchor

tag4

tag9

tag4

tag9
cef0.arcsight.

logger

unityone

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID	`str`
eventAnnotationStageUpdateTime	`timestamp`
eventAnnotationStageURI	`str`
eventAnnotationVersion	`int4`
eventId	`str`
generatorID	`str`
locality	`int4`
modelConfidence	`int4`
mrt	`timestamp`
priority	`int4`
relevance	`int4`
type	`int4`
tag	`str`	cefTag	✓
rawMessage	`str`		✓
hostchain	`str`		✓

Anchor

tag5

tag10

tag5

tag10
cef0.arcsight.

panOs

vpn1Firewall1

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
priorityCode	`str`
cefTag	`str`
cefVersion	`str`
embDeviceVendor	`str`
embDeviceProduct	`str`
deviceVersion	`str`
signatureID	`str`
name	`str`
severity	`str`
_cefVer	`str`
cat	`str`
cn1Label	`str`
cn1	`int8`
cn2Label	`str`
cn2	`int8`
cnt	`int4`
cs1Label	`str`
cs1	`str`
cs2Label	`str`
cs2	`str`
dvchost	`str`
dvc	`ip4`
deviceFacility	`str`
filePath	`str`
fileType	`str`
fname	`str`
agt	`ip4`
ahost	`str`
aid	`str`
arcSightEventPath	`str`
art	`str`
assetCriticality	`int4`
at	`str`
atz	`str`
av	`str`
deviceAssetId	`str`
deviceSeverity	`str`
deviceZoneID	`str`
deviceZoneURI	`str`
dtz	`str`
eventAnnotationAuditTrail	`str`
eventAnnotationEndTime	`timestamp`
eventAnnotationEventId	`str`
eventAnnotationFlags	`str`
eventAnnotationManagerReceiptTime	`timestamp`
eventAnnotationModificationTime	`timestamp`
eventAnnotationStageID

str

eventAnnotationStageUpdateTime

timestamp

str

eventAnnotationVersion

int4

eventId

str

generatorID

str

locality

int4

modelConfidence

int4

mrt

timestamp

priority

eventAnnotationStageUpdateTime

int4

timestamp

relevance

eventAnnotationStageURI

int4

str

type


eventAnnotationVersion	`int4`

tag


eventId	`str`

cefTag

✓

rawMessage


generatorID	`str`

✓

locality

hostchain

str

int4

✓

modelConfidence

Version	Old Version 4	New Version Current
Changes made by	Juan Tomás Alonso Nieto (Deactivated)	Virginia Camuñas Núñez
Saved on	Sept 26, 2023	Feb 13, 2025

Versions Compared

Key

Introduction

Tag structure

How is the data sent to Devo?

Table structure

Introduction

Tag structure

How is the data sent to Devo?

Table structure

Anchor
tag1
tag1
cef0.arcsight.arcsight

Anchor
tag2
tag2
cef0.arcsight.cpmiClient

Anchor
tag3
tag3
cef0.arcsight.firewall

Anchor
tag4
tag4
cef0.arcsight.logger

Anchor
tag5
tag5
cef0.arcsight.panOs

Anchor
tag6
tag6
cef0.arcsight.smartdashboard

Anchor

tag7

tag7
cef0.arcsight.

smartdefense

Anchor

tag8

tag8
cef0.arcsight.

smartviewTracker

Anchor

tag9

tag9
cef0.arcsight.

unityone

Anchor

tag10

tag10
cef0.arcsight.

vpn1Firewall1

Content Comparison

Versions Compared

Key

Introduction

Tag structure

How is the data sent to Devo?

Table structure

Introduction

Tag structure

How is the data sent to Devo?

Table structure

Anchortag1tag1cef0.arcsight.arcsight

Anchortag2tag2cef0.arcsight.cpmiClient

Anchortag3tag3cef0.arcsight.firewall

Anchortag4tag4cef0.arcsight.logger

Anchortag5tag5cef0.arcsight.panOs

Anchortag6tag6cef0.arcsight.smartdashboard

Anchor

tag7

tag7cef0.arcsight.

smartdefense

Anchor

tag8

tag8cef0.arcsight.

smartviewTracker

Anchor

tag9

tag9cef0.arcsight.

unityone

Anchor

tag10

tag10cef0.arcsight.

vpn1Firewall1

Anchor
tag1
tag1
cef0.arcsight.arcsight

Anchor
tag2
tag2
cef0.arcsight.cpmiClient

Anchor
tag3
tag3
cef0.arcsight.firewall

Anchor
tag4
tag4
cef0.arcsight.logger

Anchor
tag5
tag5
cef0.arcsight.panOs

Anchor
tag6
tag6
cef0.arcsight.smartdashboard

tag7
cef0.arcsight.

tag8
cef0.arcsight.

tag9
cef0.arcsight.

tag10
cef0.arcsight.