Introduction
The tables beginning with cef0.xss identify events in CEF format generated by Zscaler products.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.xss.filtro_xss
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
cef0.xss.filtro_xss
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
dst | | | |
requestClientApplication | | | |
requestMethod | | | |
request | | | |
src | | | |
in | | | |
rt | | | |
out | | | |
filePath | | | |
sourceTranslatedAddress | | | |
sourceTranslatedZoneID | | | |
destinationGeoCountryCode | | | |
sourceZoneID | | | |
slong | | | |
sourceGeoRegionCode | | | |
art | | | |
eventId | | | |
sourceGeoPostalCode | | | |
mrt | | | |
customerURI | | | |
dlat | | | |
sourceZoneURI | | | |
assetCriticality | | | |
destinationZoneID | | | |
destinationGeoLocationInfo | | | |
sourceGeoCountryCode | | | |
modelConfidence | | | |
destinationGeoPostalCode | | | |
slat | | | |
Severity | | | |
relevance | | | |
destinationGeoRegionCode | | | |
customerID | | | |
dlong | | | |
sourceTranslatedZoneURI | | | |
priority | | | |
sourceGeoLocationInfo | | | |
destinationZoneURI | | | |
hostchain | | ✓ | |
tag | | cefTag | ✓ |
rawMessage | | | |