Introduction

Tags beginning with cspm.horangi identify events generated by Horangi Cyber Security.

...

The full tag must have 4 levels. The first two are fixed as cspm.horangi. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

...

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| cspm | horangi | warden | alerts |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tag | Data table |
|---|---|
| cspm.horangi.warden.alerts | cspm.horangi.warden.alerts |

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

cspm.horangi.warden.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| alert__id | str | - |
| alert__monitoring_groups | str | - |
| alert__severity | str | - |
| alert__title | str | - |
| alert__type | str | - |
| alert__warden_url | str | - |
| cloud__account__id | str | - |
| cloud__account__name | str | - |
| cloud__provider | str | - |
| cloud__region | str | - |
| event__action | str | - |
| identity__id | str | - |
| identity__is_service | bool | - |
| identity__name | str | - |
| identity__type | str | - |
| identity__user_agent | str | - |
| identity__metadata__etag | str | - |
| identity__metadata__name | str | - |
| identity__metadata__email | str | - |
| identity__metadata__horangi | json | - |
| identity__metadata__uniqueId | str | - |
| identity__metadata__projectId | str | - |
| identity__metadata__displayName | str | - |
| identity__metadata__oauth2ClientId | str | - |
| identity__metadata__policyanalyzer | json | - |
| identity__metadata__id | str | - |
| identity__metadata__kind | str | - |
| identity__metadata__emails | str | - |
| identity__metadata__aliases | str | - |
| identity__metadata__isAdmin | bool | - |
| identity__metadata__archived | bool | - |
| identity__metadata__addresses | str | - |
| identity__metadata__languages | str | - |
| identity__metadata__locations | str | - |
| identity__metadata__relations | str | - |
| identity__metadata__suspended | bool | - |
| identity__metadata__customerId | str | - |
| identity__metadata__externalIds | str | - |
| identity__metadata__orgUnitPath | str | - |
| identity__metadata__creationTime | timestamp | - |
| identity__metadata__primaryEmail | str | - |
| identity__metadata__agreedToTerms | bool | - |
| identity__metadata__ipWhitelisted | bool | - |
| identity__metadata__lastLoginTime | timestamp | - |
| identity__metadata__organizations | str | - |
| identity__metadata__posixAccounts | str | - |
| identity__metadata__recoveryEmail | str | - |
| identity__metadata__recoveryPhone | str | - |
| identity__metadata__sshPublicKeys | str | - |
| identity__metadata__isMailboxSetup | bool | - |
| identity__metadata__isEnforcedIn2Sv | bool | - |
| identity__metadata__isEnrolledIn2Sv | bool | - |
| identity__metadata__isDelegatedAdmin | bool | - |
| identity__metadata__changePasswordAtNextLogin | bool | - |
| identity__metadata__includeInGlobalAddressList | bool | - |
| identity__metadata__thumbnailPhotoUrl | str | - |
| identity__metadata__thumbnailPhotoEtag | str | - |
| identity__metadata__gender | json | - |
| identity__metadata__description | str | - |
| resource__category | str | - |
| resource__id | str | - |
| resource__type | str | - |
| resource__metadata | str | - |
| rule__name | str | - |
| rule__description | str | - |
| source__geo__city | str | - |
| source__geo__continent | str | - |
| source__geo__country | str | - |
| source__ip | str | - |
| timestamp | str | - |
| at_devo_collector_version | int4 | - |
| at_devo_source_id | str | - |
| at_devo_project_id | str | - |
| at_devo_retrieving_timestamp | timestamp | - |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |