
Introduction

The tags beginning with rbi.menlo identify events generated by Menlo Security Browser Isolation, a Menlo Security product that is part of the Menlo Security Cloud Platform.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as rbi.menlo. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Menlo Security Browser Isolation (inside the Menlo Security Cloud Platform) | rbi.menlo.attachment | rbi.menlo.attachment |
| | rbi.menlo.audit | rbi.menlo.audit |
| | rbi.menlo.email | rbi.menlo.email |
| | rbi.menlo.smtp | rbi.menlo.smtp |
| | rbi.menlo.web | rbi.menlo.web |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

rbi.menlo.attachment

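| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| product | str | |
| rvlabs_factor | str | |
| vendor | str | |
| rewritten | str | |
| event_time | timestamp | |
| file_type | str | |
| bytes | str | |
| name | str | |
| message_tid | str | |
| reason | str | |
| version | str | |
| email_date | str | |
| sha256 | str | |
| message_id | str | |
| mime_type | str | |
| severity | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |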

rbi.menlo.audit

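| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| product | str | |
| vendor | str | |
| uid | str | |
| event_time | timestamp | |
| name | str | |
| version | str | |
| audit_actions | str | |
| sub_event_type | str | |
| rev_id | str | |
| severity | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |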

rbi.menlo.email

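| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| domain | str | |
| vendor | str | |
| rewritten | str | |
| event_time | timestamp | |
| message_tid | str | |
| charset | str | |
| product | str | |
| name | str | |
| url | str | |
| reason | str | |
| version | str | |
| email_date | str | |
| message_id | str | |
| severity | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |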

rbi.menlo.smtp

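| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| severity | str | |
| smtp_reply | str | |
| time_handoff_down | float8 | |
| total_links | int4 | |
| rows | int4 | |
| from2 | str | |
| next_hop_reason | str | |
| event_time | timestamp | |
| src_tls | str | |
| hostname2 | str | |
| src_ip | ip4 | |
| to | str | |
| version | str | |
| message_id | str | |
| product | str | |
| vendor | str | |
| timestamp | timestamp | |
| src_port | str | |
| reason | str | |
| dst_tls | str | |
| rewritten_links | int4 | |
| time_taken | float8 | |
| rewrite_success | str | |
| time_handoff_up | float8 | |
| name | str | |
| message_tid | str | |
| region | str | |
| unix_time | str | |
| unix_time_iso | timestamp | |
| mode | str | |
| dst_ip | ip4 | |
| dst_from_port | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |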

rbi.menlo.web

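| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| top_url | str | |
| domain | str | |
| protocol | str | |
| risk_tally | str | |
| is_iframe | str | |
| origin_ip | ip4 | |
| has_password | str | |
| file_size | str | |
| browser_and_version | str | |
| user_agent | str | |
| egress_ip | ip4 | |
| severity | str | |
| event_time | timestamp | |
| dst | ip4 | |
| filename | str | |
| risk_score | str | |
| version | str | |
| soph_dlp_ref | str | |
| xff_ip | str | |
| product | str | |
| vendor | str | |
| request_type | str | |
| tab_id | str | |
| pe_reason | str | |
| categories | str | |
| x_client_ip | ip4 | |
| name | str | |
| url | str | |
| response_code | str | |
| userid | str | |
| full_session_id | str | |
| pe_action | str | |
| ua_type | str | |
| content_type | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |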
