Introduction
The tags beginning with cef0.thycotic.applicationControlSolution identify events in CEF format generated by Anomali ThreatStream Threat Intelligence Management belonging to Anomali.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
|---|---|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Table structure
These are the fields displayed in this table:
cef0.threatStream.enterprise
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
| |
hostname |
| hostchain | |
priority_code |
|
| |
cef_tag |
|
| |
cef_version |
|
| |
emb_device_vendor |
|
| |
emb_device_product |
|
| |
device_version |
|
| |
signature_id |
|
| |
name |
|
| |
severity |
|
| |
external_id |
|
| |
computer_id |
|
| |
computer_name |
|
| |
event_received_by_server |
|
| |
file_id |
|
| |
file_name |
|
| |
file_path |
|
| |
policy_name |
|
| |
username |
|
| |
hostchain |
|
| ✓ |
tag |
| | ✓ |
rawMessage |
| ✓ |