Table of Contents | ||||
---|---|---|---|---|
|
Introduction
The tags beginning withmdr.infocyte
identify events generated by Infocyte.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed asmdr.infocyte
. The third level identifies the type of events sent.
...
Technology
...
Brand
...
Type
...
mdr
...
infocyte
...
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | TagTags | Data tabletables |
---|---|---|
Infocyte platform |
|
|
For more information, read more about Devo tags.
How is the data sent to Devo?
To send logs to these tables, Devo provides a collector that you can use to send the required events to your Devo domain. You can learn how to use it in Infocyte collector.
Table structure
This is These are the set displayed by these tables.fields displayed in this table:
mdr.infocyte.alertdetails
Field | Type | Extra |
---|
fields | |
---|---|
eventdate |
|
| |
machine |
|
| |
flagId |
|
| |
flagColor |
|
| |
flagName |
|
| |
flagWeight |
|
| |
threatScore |
|
| |
threatWeight |
|
| |
threatName |
|
| |
avPositives |
|
| |
avTotal |
|
| |
hasAvScan |
|
| |
synapse |
|
| |
dynamicAnalysis |
|
| |
malicious |
|
| |
suspicious |
|
| |
staticAnalysis |
|
| |
whitelist |
|
| |
blacklist |
|
| |
localBlacklist |
|
| |
localWhitelist |
|
| |
unknown |
|
| |
notMalicious |
|
| |
targetId |
|
| |
hostname |
|
| |
data_str |
|
| |
signature__type |
|
| |
signature__issuer_name |
|
| |
signature__subject_name |
|
| |
signature__serial_number |
|
| |
signature__timestamp_issuer |
|
| |
signature__timestamp_subject |
|
| |
size |
|
| |
sourceId |
|
| |
sourceVersionId |
|
| |
sourceType |
|
| |
signal |
|
| |
sourceText |
|
| |
severityLevel |
|
| |
mitreId |
|
| |
mitreTactic |
|
| |
hostId |
|
| |
md5 |
|
| |
sha1 |
|
| |
sha256 |
|
| |
scanName |
|
| |
extensionSuccess |
|
| |
agentId |
|
| |
sourceAuthor |
|
| |
id |
|
| |
name |
|
| |
type |
|
| |
description |
|
| |
severity |
|
| |
sourceName |
|
| |
search |
|
| |
itemId |
|
| |
hostScanId |
|
| |
scanId |
|
| |
batchId |
|
| |
fileRepId |
|
| |
signed |
|
| |
managed |
|
| |
createdOn |
|
| |
archived |
|
| |
avRatio |
|
| |
exportSequenceId |
|
| |
data_id |
|
| |
pid |
|
| |
uid |
|
| |
path |
|
| |
ppid |
|
| |
owner |
|
| |
failed |
|
| |
ssdeep |
|
| |
tenant |
|
| |
package |
|
| |
realtime |
|
| |
accountid |
|
| |
device_id |
|
| |
item_type |
|
| |
processid |
|
| |
pprocessid |
|
| |
commandline |
|
| |
compromised |
|
| |
filecreated |
|
| |
instance_id |
|
| |
processname |
|
| |
created_date |
|
| |
filemodified |
|
| |
hasinjection |
|
| |
processstarted |
|
| |
decoded_payload |
|
| |
parentprocessname |
|
| |
grandparentprocessname |
|
| ||
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
|
✓
How is the data sent to Devo?
...
✓ |