
Introduction

The tags beginning with mdr.infocyte identify events generated by Infocyte.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as mdr.infocyte. The third level identifies the type of events sent.

Technology | Brand    | Type
mdr        | infocyte | ...

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service | Tags                      | Data tables
Infocyte platform | mdr.infocyte.alertdetails | mdr.infocyte.alertdetails

For more information, read more about Devo tags.

How is the data sent to Devo?

To send logs to these tables, Devo provides a collector that you can use to send the required events to your Devo domain. You can learn how to use it in Infocyte collector.

Table structure

These are the fields displayed in this table:

mdr.infocyte.alertdetails

Field                        | Type      | Extra fields
eventdate                    | timestamp | -
machine                      | str       | -
flagId                       | str       | -
flagColor                    | str       | -
flagName                     | str       | -
flagWeight                   | int8      | -
threatScore                  | int8      | -
threatWeight                 | int8      | -
threatName                   | str       | -
avPositives                  | int8      | -
avTotal                      | int8      | -
hasAvScan                    | bool      | -
synapse                      | str       | -
dynamicAnalysis              | bool      | -
malicious                    | bool      | -
suspicious                   | bool      | -
staticAnalysis               | bool      | -
whitelist                    | bool      | -
blacklist                    | bool      | -
localBlacklist               | bool      | -
localWhitelist               | bool      | -
unknown                      | bool      | -
notMalicious                 | bool      | -
targetId                     | str       | -
hostname                     | str       | -
data_str                     | str       | -
signature__type              | str       | -
signature__issuer_name       | str       | -
signature__subject_name      | str       | -
signature__serial_number     | str       | -
signature__timestamp_issuer  | str       | -
signature__timestamp_subject | str       | -
size                         | int8      | -
sourceId                     | str       | -
sourceVersionId              | str       | -
sourceType                   | str       | -
signal                       | bool      | -
sourceText                   | str       | -
severityLevel                | int4      | -
mitreId                      | str       | -
mitreTactic                  | str       | -
hostId                       | str       | -
md5                          | str       | -
sha1                         | str       | -
sha256                       | str       | -
scanName                     | str       | -
extensionSuccess             | str       | -
agentId                      | str       | -
sourceAuthor                 | str       | -
id                           | str       | -
name                         | str       | -
type                         | str       | -
description                  | str       | -
severity                     | str       | -
sourceName                   | str       | -
search                       | str       | -
itemId                       | str       | -
hostScanId                   | str       | -
scanId                       | str       | -
batchId                      | str       | -
fileRepId                    | str       | -
signed                       | bool      | -
managed                      | bool      | -
createdOn                    | str       | -
archived                     | bool      | -
avRatio                      | float8    | -
exportSequenceId             | str       | -
data_id                      | int8      | -
pid                          | int4      | -
uid                          | str       | -
path                         | str       | -
ppid                         | int4      | -
owner                        | str       | -
failed                       | bool      | -
ssdeep                       | str       | -
tenant                       | str       | -
package                      | str       | -
realtime                     | bool      | -
accountid                    | str       | -
device_id                    | str       | -
item_type                    | str       | -
processid                    | str       | -
pprocessid                   | str       | -
commandline                  | str       | -
compromised                  | bool      | -
filecreated                  | str       | -
instance_id                  | str       | -
processname                  | str       | -
created_date                 | str       | -
filemodified                 | str       | -
hasinjection                 | int4      | -
processstarted               | str       | -
decoded_payload              | str       | -
parentprocessname            | str       | -
grandparentprocessname       | str       | -
hostchain                    | str       |
tag                          | str       |
rawMessage                   | str       |
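The tag rule and the field table above together define what a well-formed alertdetails event looks like. As an added example, not code from Devo's collector or from Infocyte, the Python check below validates the tag and a subset of the table's fields before an event is sent; the Devo-type to Python-type mapping and the sample alert are assumptions constructed for the example.

```python
# Added example, not Devo collector or Infocyte code: a pre-ingestion schema
# check for mdr.infocyte.alertdetails events. Field types are taken from the
# table above; the Devo-type -> Python-type mapping is an assumption.

# Subset of the field table (field name -> Devo column type).
ALERT_FIELDS = {
    "eventdate": "timestamp", "machine": "str", "hostname": "str",
    "threatName": "str", "threatScore": "int8", "severityLevel": "int4",
    "avPositives": "int8", "avTotal": "int8", "avRatio": "float8",
    "malicious": "bool", "suspicious": "bool", "whitelist": "bool",
    "sha256": "str",
}
# Assumed Python representations of the Devo column types.
PY_TYPES = {"timestamp": (int, str), "str": (str,), "int8": (int,),
            "int4": (int,), "float8": (int, float), "bool": (bool,)}
VALID_TYPES = {"alertdetails"}  # third tag level documented on this page


def check_tag(tag):
    """Three levels, the first two fixed as mdr.infocyte; returns problems."""
    parts = tag.split(".")
    if len(parts) != 3 or parts[:2] != ["mdr", "infocyte"]:
        return [f"tag {tag!r} is not of the form mdr.infocyte.<type>"]
    if parts[2] not in VALID_TYPES:
        return [f"unknown event type {parts[2]!r} in tag {tag!r}"]
    return []


def check_event(tag, event):
    """Return a list of problems; an empty list means tag and event fit."""
    problems = check_tag(tag)
    for name, devo_type in ALERT_FIELDS.items():
        if name not in event:
            problems.append(f"missing field {name}")
            continue
        value = event[name]
        # bool is a subclass of int in Python: reject it for numeric columns
        if isinstance(value, bool) and devo_type != "bool":
            problems.append(f"{name}: bool given for {devo_type}")
        elif not isinstance(value, PY_TYPES[devo_type]):
            problems.append(f"{name}: {type(value).__name__} given for {devo_type}")
    return problems


# Constructed sample alert used to exercise the check; not real Infocyte output.
SAMPLE = {
    "eventdate": 1700000000000, "machine": "WS-01", "hostname": "ws-01.example",
    "threatName": "Generic.Suspicious", "threatScore": 8, "severityLevel": 3,
    "avPositives": 12, "avTotal": 60, "avRatio": 0.2, "malicious": True,
    "suspicious": False, "whitelist": False, "sha256": "0" * 64,
}
```

Calling check_event("mdr.infocyte.alertdetails", SAMPLE) returns an empty list; a wrong tag, a missing field or a value of the wrong type each produce one entry describing the problem.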
