Versions Compared

Version Old Version 8 New Version Current
Changes made by

Juan Tomás Alonso Nieto

Virginia Camuñas Núñez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

...

Tags

Devo tables

cef0.cisco.asa

cef0.cisco.asa

cef0.cisco.c100vEmailSecurityVirtualAppliance

cef0.cisco.c100vEmailSecurityVirtualAppliance

cef0.cisco.c300vEmailSecurityVirtualAppliance

cef0.cisco.c300vEmailSecurityVirtualAppliance

cef0.cisco.c600vSecureEmailGatewayVirtual

cef0.cisco.c600vSecureEmailGatewayVirtual

cef0.cisco.ciscoIntrusionPreventionSystem

cef0.cisco.ciscoIntrusionPreventionSystem

cef0.cisco.ciscoSecureAcs

cef0.cisco.ciscoSecureAcs

cef0.cisco.ciscorouter

cef0.cisco.ciscorouter

cef0.cisco.fireamp

cef0.cisco.fireamp

cef0.cisco.firepower

cef0.cisco.firepower

cef0.cisco.fwsm

cef0.cisco.fwsm

cef0.cisco.ironport

cef0.cisco.ironport

cef0.cisco.ironportAmp

cef0.cisco.ironportAmp

cef0.cisco.ironportAuthentication

cef0.cisco.ironportAuthentication

cef0.cisco.merakiAccessPoint

cef0.cisco.merakiAccessPoint

cef0.cisco.nxOs

cef0.cisco.nxOs

cef0.cisco.stealthwatch

cef0.cisco.stealthwatch

cef0.cisco.umbrella

cef0.cisco.umbrella

cef0.cisco.wirelessLanController

cef0.cisco.wirelessLanController

How is the data sent to Devo?

Learn more about CEF syslog format and how CEF data can be sent directly to Devo or by using a relay. To use the CEF default relay rule, send to the relay’s port 13000. Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in these tables:

Rw ui tabs macro
Rw tab
title1-46

Anchor
tag1
tag1
cef0.cisco.asa

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

deviceInboundInterface

str

 

deviceOutboundInterface

str

 

dhost

str

 

dst

ip4

 

duser

str

 

dvchost

str

 

dvc

ip4

 

msg

str

 

out

int8

 

proto

str

 

rt

timestamp

 

shost

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suser

str

 

agt

ip4

 

ahost

str

 

aid

str

 

arcSightEventPath

str

 

art

str

 

assetCriticality

int4

 

at

str

 

atz

str

 

av

str

 

catdt

str

 

categoryBehavior

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

customerID

str

 

customerURI

str

 

destinationAssetId

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoRegionCode

str

 

destinationZoneID

str

 

destinationZoneURI

str

 

deviceAssetId

str

 

deviceSeverity

str

 

deviceZoneID

str

 

deviceZoneURI

str

 

dlat

float8

 

dlong

float8

 

dpt

int4

 

dtz

str

 

eventAnnotationAuditTrail

str

 

eventAnnotationEndTime

timestamp

 

eventAnnotationEventId

str

 

eventAnnotationFlags

str

 

eventAnnotationManagerReceiptTime

timestamp

 

eventAnnotationModificationTime

timestamp

 

eventAnnotationStageID

str

 

eventAnnotationStageUpdateTime

timestamp

 

eventAnnotationStageURI

str

 

eventAnnotationVersion

int4

 

eventId

str

 

locality

int4

 

modelConfidence

int4

 

mrt

timestamp

 

priority

int4

 

relevance

int4

 

slat

float8

 

slong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoRegionCode

str

 

sourceZoneID

str

 

sourceZoneURI

str

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Anchor

tag2

tag100

tag2

tag100
cef0.cisco.

c300vEmailSecurityVirtualAppliance

c100vEmailSecurityVirtualAppliance

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

priority_code

str

 

 

cefTag

str

 

 

cefVersion

str

 

 

embDeviceVendor

str

 

 

embDeviceProduct

str

 

 

device_version

deviceVersion

str

 

 

signature_id

signatureID

str

 

 

name

str

 

 

severity

int4

mailLanguage

str

 

 

SBRSScore

str

 

 

dataIP

str

 

 

senderCountry

str

 

 

eSAMsgTooBigFromSender

str

 

 

eSARateLimitedIP

str

 

 

mailPolicy

str

 

 

eSAMailFlowPolicy

str

 

 

eSASenderGroup

str

 

 

eSADHASource

str

 

 

recipients

str

 

 

eSAHeloIP

str

 

 

eSAHeloDomain

str

 

 

eSATLSOutConnStatus

str

 

 

eSATLSOutProtocol

str

 

 

eSATLSOutCipher

str

 

 

eSATLSInConnStatus

str

 

 

eSATLSInProtocol

str

 

 

eSATLSInCipher

str

 

 

eSADMARCVerdict

str

 

 

eSADKIMVerdict

str

 

 

eSASPFVerdict

str

 

 

eSAFriendlyFrom

str

 

 

mailFrom

str

 

 

eSAReplyTo

str

 

 

subject

str

 

 

eSAMID

str

 

 

messageID

str

 

 

SDRReputationScore

str

 

 

eSASDRDomainAge

str

 

 

SDRThreatCategory

str

 

 

eSAASVerdict

str

 

 

eSAAVVerdict

str

 

 

eSAAMPVerdict

str

 

 

eSAGMVerdict

str

 

 

eSACFVerdict

str

 

 

eSAOFVerdict

str

 

 

eSADLPVerdict

str

 

 

eSAMFVerdict

str

 

 

eSAURLDetails

str

 

 

eSAAttachmentDetails

str

 

 

eSAMARAction

str

 

 

eSADCID

str

 

 

DCIDTimestamp

str

 

 

eSADaneStatus

str

 

 

eSADaneHost

str

 

 

msgFinalAction

str

 

 

eSAFinalActionDetails

str

 

 

hostchain

str

 

 

tag

str

 

cefTag

rawMessage

str

 

 

hostname

str

 

str

 

device_action

str

 

deviceExternalId

str

 

 

ICIDTimestamp

str

 

 

eSAICID

str

 

 

deviceInboundInterface

str

 

 

deviceOutboundInterface

str

 

 

senderIP

str

 

 

senderDomain

str

 

 

mailDirection

str

Code Block
ifthenelse(_mailDirection = "0", "incoming", "outgoing")

_mailDirection

device_custom_floating_point_1_label

str

 

device_custom_floating_point_1

float8

 

device_custom_string_1_label

str

 

device_custom_string_1

str

 

device_custom_string_3_label

str

 

device_custom_string_3

str

 

device_custom_string_4_label

str

 

device_custom_string_4

str

 

device_custom_string_5_label

str

 

device_custom_string_5

str

 

device_custom_string_6_label

str

 

device_custom_string_6

str

 

device_direction

int4

 

device_external_id

str

 

device_ingress_interface

str

 

destination_username

str

 

device_ip

ip4

 

message

str

 

source_username

str

 

esa_attachment_details

str

 

esa_final_action_details

str

 

esa_friendly_from

str

 

esa_helo_ip

str

 

esa_mail_flow_policy

str

 

esa_sender_group

str

 

esadmarc_verdict

str

 

esaicid

str

 

esamid

str

 

esasdr_domain_age

str

 

esaspf_verdict

str

 

source_address

str

 

source_host_name

str

 

icid_timestamp

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag2
tag2
cef0.cisco.c300vEmailSecurityVirtualAppliance

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

priorityCode

str

 

 

cefTag

str

 

 

cefVersion

str

 

 

embDeviceVendor

str

 

 

embDeviceProduct

str

 

 

deviceVersion

str

 

 

signatureID

str

 

 

name

str

 

 

severity

int4

 

 

deviceExternalId

str

 

 

ICIDTimestamp

str

 

 

eSAICID

str

 

 

deviceInboundInterface

str

 

 

deviceOutboundInterface

str

 

 

senderIP

str

 

 

senderDomain

str

 

 

mailDirection

str

Code Block
ifthenelse(_mailDirection = "0", "incoming", "outgoing")

_mailDirection

mailLanguage

str

 

 

SBRSScore

str

 

 

dataIP

str

 

 

senderCountry

str

 

 

eSAMsgTooBigFromSender

str

 

 

eSARateLimitedIP

str

 

 

mailPolicy

str

 

 

eSAMailFlowPolicy

str

 

 

eSASenderGroup

str

 

 

eSADHASource

str

 

 

recipients

str

 

 

eSAHeloIP

str

 

 

eSAHeloDomain

str

 

 

eSATLSOutConnStatus

str

 

 

eSATLSOutProtocol

str

 

 

eSATLSOutCipher

str

 

 

eSATLSInConnStatus

str

 

 

eSATLSInProtocol

str

 

 

eSATLSInCipher

str

 

 

eSADMARCVerdict

str

 

 

eSADKIMVerdict

str

 

 

eSASPFVerdict

str

 

 

eSAFriendlyFrom

str

 

 

mailFrom

str

 

 

eSAReplyTo

str

 

 

subject

str

 

 

eSAMID

str

 

 

messageID

str

 

 

SDRReputationScore

str

 

 

eSASDRDomainAge

str

 

 

SDRThreatCategory

str

 

 

eSAASVerdict

str

 

 

eSAAVVerdict

str

 

 

eSAAMPVerdict

str

 

 

eSAGMVerdict

str

 

 

eSACFVerdict

str

 

 

eSAOFVerdict

str

 

 

eSADLPVerdict

str

 

 

eSAMFVerdict

str

 

 

eSAURLDetails

str

 

 

eSAAttachmentDetails

str

 

 

eSAMARAction

str

 

 

eSADCID

str

 

 

DCIDTimestamp

str

 

 

eSADaneStatus

str

 

 

eSADaneHost

str

 

 

msgFinalAction

str

 

 

eSAFinalActionDetails

str

 

 

hostchain

str

 

 

tag

str

 

cefTag

rawMessage

str

 

 

hostname

str

 

 

Anchor
cef0.cisco.c600vSecureEmailGatewayVirtual
cef0.cisco.c600vSecureEmailGatewayVirtual
cef0.cisco.c600vSecureEmailGatewayVirtual

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priority_code

str

 

cef_tag

str

 

cef_version

str

 

emb_device_vendor

str

 

emb_device_product

str

 

device_version

str

 

signature_id

str

 

name

str

 

severity

str

 

device_action

str

 

device_custom_floating_point_1_label

str

 

device_custom_floating_point_1

float8

 

device_custom_string_1_label

str

 

device_custom_string_1

str

 

device_custom_string_2_label

str

 

device_custom_string_2

str

 

device_custom_string_3_label

str

 

device_custom_string_3

str

 

device_custom_string_4_label

str

 

device_custom_string_4

str

 

device_custom_string_6_label

str

 

device_custom_string_6

str

 

device_direction

int4

 

device_external_id

str

 

device_ingress_interface

str

 

device_egress_interface

str

 

destination_username

str

 

device_ip

ip4

 

message

str

 

source_username

str

 

end_time

str

 

esa_final_action_details

str

 

esa_friendly_from

str

 

esa_helo_domain

str

 

esa_helo_ip

str

 

esa_mail_flow_policy

str

 

esa_reply_to

str

 

esa_sender_group

str

 

esaamp_verdict

str

 

esaas_verdict

str

 

esaav_verdict

str

 

esacf_verdict

str

 

esadcid

str

 

esadkim_verdict

str

 

esadlp_verdict

str

 

esadmarc_verdict

str

 

esagm_verdict

str

 

esaicid

str

 

esamf_verdict

str

 

esamid

str

 

esaof_verdict

str

 

esasdr_domain_age

str

 

esaspf_verdict

str

 

esatls_in_cipher

str

 

esatls_in_conn_status

str

 

esatls_in_protocol

str

 

esatls_out_cipher

str

 

esatls_out_conn_status

str

 

esatls_out_protocol

str

 

esaurl_details

str

 

source_address

str

 

source_host_name

str

 

start_time

str

 

hostchain

str

 

tag

str

cef_tag

rawMessage

str

 

Anchor
tag3
tag3
cef0.cisco.ciscoIntrusionPreventionSystem

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceCustomDate1Label

str

 

deviceCustomDate1

timestamp

 

deviceCustomDate2Label

str

 

deviceCustomDate2

timestamp

 

deviceDirection

int4

 

deviceDnsDomain

str

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceMacAddress

str

 

deviceNtDomain

str

 

deviceOutboundInterface

str

 

deviceProcessName

str

 

deviceTranslatedAddress

ip4

 

dhost

str

 

dmac

str

 

dntdom

str

 

dpid

int4

 

dpriv

str

 

dproc

str

 

dst

ip4

 

duid

str

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

end

timestamp

 

deviceFacility

str

 

externalId

str

 

fileCreateTime

timestamp

 

fileHash

str

 

fileId

str

 

fileModificationTime

timestamp

 

filePath

str

 

filePermission

str

 

fileType

str

 

fname

str

 

fsize

int8

 

in

int8

 

msg

str

 

oldFileCreateTime

timestamp

 

oldFileHash

str

 

oldFileId

str

 

oldFileModificationTime

timestamp

 

oldFileName

str

 

oldFilePath

str

 

oldFilePermission

str

 

oldFileSize

int8

 

oldFileType

str

 

outcome

str

 

out

int8

 

proto

str

 

reason

str

 

requestClientApplication

str

 

requestCookies

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

shost

str

 

smac

str

 

sntdom

str

 

sourceDnsDomain

str

 

sourceServiceName

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

spid

int4

 

spriv

str

 

sproc

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suid

str

 

suser

str

 

catdt

str

 

deviceDomain

str

 

deviceSeverity

str

 

dpt

int4

 

dtz

str

 

dvcmac

str

 

endTime

str

 

eventId

str

 

flexNumber1

str

 

flexNumber1Label

str

 

flexNumber2

str

 

flexNumber2Label

str

 

flexString1

str

 

flexString1Label

str

 

flexString2

str

 

flexString2Label

str

 

modelConfidence

int4

 

priority

int4

 

relevance

int4

 

requestContext

str

 

sessionId

str

 

slat

float8

 

slong

float8

 

dlat

float8

 

dlong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoPostalCode

str

 

sourceGeoRegionCode

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoPostalCode

str

 

destinationGeoRegionCode

str

 

agt

ip4

 

ahost

str

 

art

str

 

atz

str

 

mrt

timestamp

 

categoryBehavior

str

 

categoryCustomFormatField

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

categoryTechnique

str

 

categoryTupleDescription

str

 

assetCriticality

str

 

customerID

str

 

customerURI

str

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Anchor
tag4
tag4
cef0.cisco.ciscoSecureAcs

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceCustomDate1Label

str

 

deviceCustomDate1

timestamp

 

deviceCustomDate2Label

str

 

deviceCustomDate2

timestamp

 

deviceDirection

int4

 

deviceDnsDomain

str

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceMacAddress

str

 

deviceNtDomain

str

 

deviceOutboundInterface

str

 

deviceProcessName

str

 

deviceTranslatedAddress

ip4

 

dhost

str

 

dmac

str

 

dntdom

str

 

dpid

int4

 

dpriv

str

 

dproc

str

 

dst

ip4

 

duid

str

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

end

timestamp

 

deviceFacility

str

 

externalId

str

 

fileCreateTime

timestamp

 

fileHash

str

 

fileId

str

 

fileModificationTime

timestamp

 

filePath

str

 

filePermission

str

 

fileType

str

 

fname

str

 

fsize

int8

 

in

int8

 

msg

str

 

oldFileCreateTime

timestamp

 

oldFileHash

str

 

oldFileId

str

 

oldFileModificationTime

timestamp

 

oldFileName

str

 

oldFilePath

str

 

oldFilePermission

str

 

oldFileSize

int8

 

oldFileType

str

 

outcome

str

 

out

int8

 

proto

str

 

reason

str

 

requestClientApplication

str

 

requestCookies

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

shost

str

 

smac

str

 

sntdom

str

 

sourceDnsDomain

str

 

sourceServiceName

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

spid

int4

 

spriv

str

 

sproc

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suid

str

 

suser

str

 

catdt

str

 

deviceDomain

str

 

deviceSeverity

str

 

dpt

int4

 

dtz

str

 

dvcmac

str

 

endTime

str

 

eventId

str

 

flexNumber1

str

 

flexNumber1Label

str

 

flexNumber2

str

 

flexNumber2Label

str

 

flexString1

str

 

flexString1Label

str

 

flexString2

str

 

flexString2Label

str

 

modelConfidence

int4

 

priority

int4

 

relevance

int4

 

requestContext

str

 

sessionId

str

 

slat

float8

 

slong

float8

 

dlat

float8

 

dlong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoPostalCode

str

 

sourceGeoRegionCode

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoPostalCode

str

 

destinationGeoRegionCode

str

 

agt

ip4

 

ahost

str

 

art

str

 

atz

str

 

mrt

timestamp

 

categoryBehavior

str

 

categoryCustomFormatField

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

categoryTechnique

str

 

categoryTupleDescription

str

 

assetCriticality

str

 

customerID

str

 

customerURI

str

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Rw tab
title57-810

Anchor
tag5
tag5
cef0.cisco.ciscorouter

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceCustomDate1Label

str

 

deviceCustomDate1

timestamp

 

deviceCustomDate2Label

str

 

deviceCustomDate2

timestamp

 

deviceDirection

int4

 

deviceDnsDomain

str

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceMacAddress

str

 

deviceNtDomain

str

 

deviceOutboundInterface

str

 

deviceProcessName

str

 

deviceTranslatedAddress

ip4

 

dhost

str

 

dmac

str

 

dntdom

str

 

dpid

int4

 

dpriv

str

 

dproc

str

 

dst

ip4

 

duid

str

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

end

timestamp

 

deviceFacility

str

 

externalId

str

 

fileCreateTime

timestamp

 

fileHash

str

 

fileId

str

 

fileModificationTime

timestamp

 

filePath

str

 

filePermission

str

 

fileType

str

 

fname

str

 

fsize

int8

 

in

int8

 

msg

str

 

oldFileCreateTime

timestamp

 

oldFileHash

str

 

oldFileId

str

 

oldFileModificationTime

timestamp

 

oldFileName

str

 

oldFilePath

str

 

oldFilePermission

str

 

oldFileSize

int8

 

oldFileType

str

 

outcome

str

 

out

int8

 

proto

str

 

reason

str

 

requestClientApplication

str

 

requestCookies

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

shost

str

 

smac

str

 

sntdom

str

 

sourceDnsDomain

str

 

sourceServiceName

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

spid

int4

 

spriv

str

 

sproc

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suid

str

 

suser

str

 

catdt

str

 

deviceDomain

str

 

deviceSeverity

str

 

dpt

int4

 

dtz

str

 

dvcmac

str

 

endTime

str

 

eventId

str

 

flexNumber1

str

 

flexNumber1Label

str

 

flexNumber2

str

 

flexNumber2Label

str

 

flexString1

str

 

flexString1Label

str

 

flexString2

str

 

flexString2Label

str

 

modelConfidence

int4

 

priority

int4

 

relevance

int4

 

requestContext

str

 

sessionId

str

 

slat

float8

 

slong

float8

 

dlat

float8

 

dlong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoPostalCode

str

 

sourceGeoRegionCode

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoPostalCode

str

 

destinationGeoRegionCode

str

 

agt

ip4

 

ahost

str

 

art

str

 

atz

str

 

mrt

timestamp

 

categoryBehavior

str

 

categoryCustomFormatField

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

categoryTechnique

str

 

categoryTupleDescription

str

 

assetCriticality

str

 

customerID

str

 

customerURI

str

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Anchor
tag6
tag6
cef0.cisco.fireamp

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

c6a4Label

str

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

dst

ip4

 

dpt

int4

 

rt

timestamp

 

shost

str

 

src

ip4

 

suid

str

 

suser

str

 

agentZoneURI

str

 

agt

str

 

ahost

str

 

aid

str

 

amac

str

 

art

str

 

at

str

 

atz

str

 

av

str

 

customerURI

str

 

destinationZoneURI

str

 

deviceSeverity

str

 

dtz

str

 

eventId

str

 

geid

str

 

sourceZoneURI

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag7
tag7
cef0.cisco.firepower

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a2

str

 

c6a3

str

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

deviceDirection

int4

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceOutboundInterface

str

 

dst

ip4

 

dpt

int4

 

dvchost

str

 

dvcpid

int4

 

end

timestamp

 

external_id

str

 

fileHash

str

 

fileType

str

 

fname

str

 

proto

str

 

reason

str

 

requestClientApplication

str

 

request

str

 

rt

timestamp

 

sourceServiceName

str

 

src

ip4

 

spt

int4

 

start

timestamp

 

suser

str

 

bytesIn

str

 

bytesOut

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag8
tag8
cef0.cisco.fwsm

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceCustomDate1Label

str

 

deviceCustomDate1

timestamp

 

deviceCustomDate2Label

str

 

deviceCustomDate2

timestamp

 

deviceDirection

int4

 

deviceDnsDomain

str

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceMacAddress

str

 

deviceNtDomain

str

 

deviceOutboundInterface

str

 

deviceProcessName

str

 

deviceTranslatedAddress

ip4

 

dhost

str

 

dmac

str

 

dntdom

str

 

dpid

int4

 

dpriv

str

 

dproc

str

 

dst

ip4

 

duid

str

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

end

timestamp

 

deviceFacility

str

 

externalId

str

 

fileCreateTime

timestamp

 

fileHash

str

 

fileId

str

 

fileModificationTime

timestamp

 

filePath

str

 

filePermission

str

 

fileType

str

 

fname

str

 

fsize

int8

 

in

int8

 

msg

str

 

oldFileCreateTime

timestamp

 

oldFileHash

str

 

oldFileId

str

 

oldFileModificationTime

timestamp

 

oldFileName

str

 

oldFilePath

str

 

oldFilePermission

str

 

oldFileSize

int8

 

oldFileType

str

 

outcome

str

 

out

int8

 

proto

str

 

reason

str

 

requestClientApplication

str

 

requestCookies

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

shost

str

 

smac

str

 

sntdom

str

 

sourceDnsDomain

str

 

sourceServiceName

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

spid

int4

 

spriv

str

 

sproc

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suid

str

 

suser

str

 

catdt

str

 

deviceDomain

str

 

deviceSeverity

str

 

dpt

int4

 

dtz

str

 

dvcmac

str

 

endTime

str

 

eventId

str

 

flexNumber1

str

 

flexNumber1Label

str

 

flexNumber2

str

 

flexNumber2Label

str

 

flexString1

str

 

flexString1Label

str

 

flexString2

str

 

flexString2Label

str

 

modelConfidence

int4

 

priority

int4

 

relevance

int4

 

requestContext

str

 

sessionId

str

 

slat

float8

 

slong

float8

 

dlat

float8

 

dlong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoPostalCode

str

 

sourceGeoRegionCode

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoPostalCode

str

 

destinationGeoRegionCode

str

 

agt

ip4

 

ahost

str

 

art

str

 

atz

str

 

mrt

timestamp

 

categoryBehavior

str

 

categoryCustomFormatField

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

categoryTechnique

str

 

categoryTupleDescription

str

 

assetCriticality

str

 

customerID

str

 

customerURI

str

 

tag

str

cefTag

rawMessage

str

hostchain

str

Rw tab
title911-1214

Anchor
tag9
tag9
cef0.cisco.ironport

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

deviceExternalId

str

 

dst

ip4

 

msg

str

 

rt

timestamp

 

agt

ip4

 

ahost

str

 

aid

str

 

arcSightEventPath

str

 

art

str

 

assetCriticality

int4

 

at

str

 

atz

str

 

av

str

 

catdt

str

 

categoryBehavior

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

customerID

str

 

customerURI

str

 

destinationAssetId

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoRegionCode

str

 

destinationZoneID

str

 

destinationZoneURI

str

 

deviceSeverity

str

 

dlat

float8

 

dlong

float8

 

dtz

str

 

eventAnnotationAuditTrail

str

 

eventAnnotationEndTime

timestamp

 

eventAnnotationEventId

str

 

eventAnnotationFlags

str

 

eventAnnotationManagerReceiptTime

timestamp

 

eventAnnotationModificationTime

timestamp

 

eventAnnotationStageID

str

 

eventAnnotationStageUpdateTime

timestamp

 

eventAnnotationStageURI

str

 

eventAnnotationVersion

int4

 

eventId

str

 

locality

int4

 

modelConfidence

int4

 

mrt

timestamp

 

priority

int4

 

relevance

int4

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Anchor
tag10
tag10
cef0.cisco.ironportAmp

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

dvc

ip4

 

cs3Label

str

 

cn1

int8

 

msg

str

 

cs4Label

str

 

cs1

str

 

cn1Label

str

 

deviceCustomDate1Label

str

 

cn3Label

str

 

cn2Label

str

 

rt

timestamp

 

fname

str

 

out

int8

 

cs2Label

str

 

cs5Label

str

 

cs2

str

 

cn2

int8

 

act

str

 

in

int8

 

cs6Label

str

 

fileType

str

 

cs1Label

str

 

categoryDeviceGroup

str

 

dtz

str

 

deviceZoneID

str

 

categoryObject

str

 

eventAnnotationAuditTrail

str

 

eventAnnotationVersion

str

 

eventAnnotationModificationTime

str

 

art

str

 

categorySignificance

str

 

eventId

str

 

originalAgentAddress

str

 

at

str

 

mrt

str

 

customerURI

str

 

originalAgentZoneURI

str

 

assetCriticality

str

 

eventAnnotationFlags

str

 

agt

str

 

categoryBehavior

str

 

modelConfidence

str

 

aid

str

 

amac

str

 

Severity

str

 

relevance

str

 

av

str

 

eventAnnotationStageUpdateTime

str

 

categoryOutcome

str

 

locality

str

 

ahost

str

 

originalAgentVersion

str

 

customerID

str

 

atz

str

 

originalAgentMacAddress

str

 

originalAgentType

str

 

deviceSeverity

str

 

originalAgentId

str

 

eventAnnotationManagerReceiptTime

str

 

originalAgentHostName

str

 

priority

str

 

deviceZoneURI

str

 

eventAnnotationEndTime

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag11
tag11
cef0.cisco.ironportAuthentication

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

dvchost

str

 

in

int8

 

rt

timestamp

 

end

timestamp

 

out

int8

 

dtz

str

 

eventAnnotationAuditTrail

str

 

eventAnnotationVersion

str

 

eventAnnotationModificationTime

str

 

art

str

 

originalAgentAddress

str

 

eventId

str

 

at

str

 

mrt

str

 

customerURI

str

 

originalAgentZoneURI

str

 

assetCriticality

str

 

eventAnnotationFlags

str

 

agt

str

 

modelConfidence

str

 

aid

str

 

amac

str

 

Severity

str

 

relevance

str

 

av

str

 

eventAnnotationStageUpdateTime

str

 

locality

str

 

ahost

str

 

originalAgentVersion

str

 

customerID

str

 

atz

str

 

originalAgentMacAddress

str

 

originalAgentType

str

 

originalAgentId

str

 

eventAnnotationManagerReceiptTime

str

 

originalAgentHostName

str

 

priority

str

 

eventAnnotationEndTime

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag12
tag12
cef0.cisco.merakiAccessPoint

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

cat

str

 

c6a4Label

str

 

dst

ip4

 

dpt

int4

 

dvchost

str

 

msg

str

 

proto

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

smac

str

 

src

ip4

 

spt

int4

 

agentZoneURI

str

 

agt

str

 

ahost

str

 

aid

str

 

amac

str

 

art

str

 

at

str

 

atz

str

 

av

str

 

categoryBehavior

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

customerURI

str

 

destinationZoneURI

str

 

dtz

str

 

eventId

str

 

geid

str

 

sourceZoneURI

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Rw tab
title1315-1618

Anchor
tag13
tag13
cef0.cisco.nxOs

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationDnsDomain

str

 

destinationServiceName

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceCustomDate1Label

str

 

deviceCustomDate1

timestamp

 

deviceCustomDate2Label

str

 

deviceCustomDate2

timestamp

 

deviceDirection

int4

 

deviceDnsDomain

str

 

deviceExternalId

str

 

deviceInboundInterface

str

 

deviceMacAddress

str

 

deviceNtDomain

str

 

deviceOutboundInterface

str

 

deviceProcessName

str

 

deviceTranslatedAddress

ip4

 

dhost

str

 

dmac

str

 

dntdom

str

 

dpid

int4

 

dpriv

str

 

dproc

str

 

dst

ip4

 

duid

str

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

end

timestamp

 

deviceFacility

str

 

externalId

str

 

fileCreateTime

timestamp

 

fileHash

str

 

fileId

str

 

fileModificationTime

timestamp

 

filePath

str

 

filePermission

str

 

fileType

str

 

fname

str

 

fsize

int8

 

in

int8

 

msg

str

 

oldFileCreateTime

timestamp

 

oldFileHash

str

 

oldFileId

str

 

oldFileModificationTime

timestamp

 

oldFileName

str

 

oldFilePath

str

 

oldFilePermission

str

 

oldFileSize

int8

 

oldFileType

str

 

outcome

str

 

out

int8

 

proto

str

 

reason

str

 

requestClientApplication

str

 

requestCookies

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

shost

str

 

smac

str

 

sntdom

str

 

sourceDnsDomain

str

 

sourceServiceName

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

spid

int4

 

spriv

str

 

sproc

str

 

spt

int4

 

src

ip4

 

start

timestamp

 

suid

str

 

suser

str

 

catdt

str

 

deviceDomain

str

 

deviceSeverity

str

 

dpt

int4

 

dtz

str

 

dvcmac

str

 

endTime

str

 

eventId

str

 

flexNumber1

str

 

flexNumber1Label

str

 

flexNumber2

str

 

flexNumber2Label

str

 

flexString1

str

 

flexString1Label

str

 

flexString2

str

 

flexString2Label

str

 

modelConfidence

int4

 

priority

int4

 

relevance

int4

 

requestContext

str

 

sessionId

str

 

slat

float8

 

slong

float8

 

dlat

float8

 

dlong

float8

 

sourceGeoCountryCode

str

 

sourceGeoLocationInfo

str

 

sourceGeoPostalCode

str

 

sourceGeoRegionCode

str

 

destinationGeoCountryCode

str

 

destinationGeoLocationInfo

str

 

destinationGeoPostalCode

str

 

destinationGeoRegionCode

str

 

agt

ip4

 

ahost

str

 

art

str

 

atz

str

 

mrt

timestamp

 

categoryBehavior

str

 

categoryCustomFormatField

str

 

categoryDeviceGroup

str

 

categoryObject

str

 

categoryOutcome

str

 

categorySignificance

str

 

categoryTechnique

str

 

categoryTupleDescription

str

 

assetCriticality

str

 

customerID

str

 

customerURI

str

 

tag

str

cefTag

rawMessage

str

 

hostchain

str

 

Anchor
tag14
tag14
cef0.cisco.stealthwatch

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

destinationTranslatedAddress

ip4

 

destinationTranslatedPort

int4

 

deviceExternalId

str

 

dst

ip4

 

dpt

int4

 

dvchost

str

 

dvc

ip4

 

dvcpid

int4

 

externalId

str

 

msg

str

 

proto

str

 

sourceTranslatedAddress

ip4

 

sourceTranslatedPort

int4

 

src

ip4

 

spt

int4

 

start

str

 

end

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag15
tag15
cef0.cisco.umbrella

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

end

timestamp

 

rt

timestamp

 

src

ip4

 

cs1Label

str

 

sourceTranslatedAddress

ip4

 

cs2Label

str

 

act

str

 

cs2

str

 

in

int8

 

out

int8

 

dhost

str

 

dvchost

str

 

cs1

str

 

eventId

str

 

modelConfidence

str

 

eventAnnotationAuditTrail

str

 

customerID

str

 

agt

str

 

sourceZoneURI

str

 

originalAgentHostName

str

 

Severity

str

 

relevance

str

 

aid

str

 

av

str

 

originalAgentVersion

str

 

eventAnnotationEndTime

str

 

eventAnnotationManagerReceiptTime

str

 

originalAgentId

str

 

originalAgentType

str

 

slong

str

 

locality

str

 

eventAnnotationModificationTime

str

 

priority

str

 

customerURI

str

 

sourceZoneID

str

 

originalAgentAddress

str

 

at

str

 

originalAgentMacAddress

str

 

slat

str

 

dtz

str

 

eventAnnotationStageUpdateTime

str

 

eventAnnotationVersion

str

 

atz

str

 

deviceSeverity

str

 

sourceTranslatedZoneExternalID

str

 

assetCriticality

str

 

ahost

str

 

sourceTranslatedZoneURI

str

 

mrt

str

 

sourceTranslatedZoneID

str

 

eventAnnotationFlags

str

 

art

str

 

originalAgentZoneURI

str

 

amac

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

Anchor
tag16
tag16
cef0.cisco.wirelessLanController

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

cs3Label

str

 

cn1

int8

 

msg

str

 

dvchost

str

 

cs4Label

str

 

cs1

str

 

cn1Label

str

 

smac

str

 

dmac

str

 

rt

timestamp

 

cs4

str

 

spt

int4

 

out

int8

 

cs2Label

str

 

cs5Label

str

 

cs2

str

 

src

ip4

 

in

int8

 

duser

str

 

spid

int4

 

cs1Label

str

 

dtz

str

 

sourceZoneID

str

 

slong

str

 

eventAnnotationAuditTrail

str

 

eventAnnotationVersion

str

 

eventAnnotationModificationTime

str

 

art

str

 

originalAgentAddress

str

 

eventId

str

 

at

str

 

mrt

str

 

customerURI

str

 

originalAgentZoneURI

str

 

sourceZoneURI

str

 

assetCriticality

str

 

eventAnnotationFlags

str

 

agt

str

 

modelConfidence

str

 

aid

str

 

amac

str

 

slat

str

 

Severity

str

 

relevance

str

 

av

str

 

eventAnnotationStageUpdateTime

str

 

catdt

str

 

locality

str

 

ahost

str

 

originalAgentVersion

str

 

customerID

str

 

atz

str

 

originalAgentMacAddress

str

 

originalAgentType

str

 

deviceSeverity

str

 

originalAgentId

str

 

eventAnnotationManagerReceiptTime

str

 

originalAgentHostName

str

 

priority

str

 

eventAnnotationEndTime

str

 

hostchain

str

 

tag

str

cefTag

rawMessage

str