Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Current »

Introduction

The tables beginning with cef0.websense identify events in CEF format generated by xss products.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.websense.security 

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

cef0.websense.security

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

rawMessage

str

 

hostchain

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

act

str

 

app

str

 

DispositionCode

int8

cn1

ScanDuration

int8

cn2

Policy

str

cs1

DynCat

str

cs2

ContentType

str

cs3

destinationTranslatedPort

int4

 

dhost

str

 

dpt

int4

 

dst

ip4

 

dvc

ip4

 

in

int8

 

out

int8

 

reason

str

 

requestClientApplication

str

 

requestMethod

str

 

request

str

 

rt

timestamp

 

spt

int4

 

src

ip4

 

suser

str

 

tag

str

 cefTag

  • No labels