
Introduction

The tags beginning with cef0.microsoft identify events in CEF format generated by Microsoft.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

| Tags | Data tables |
| --- | --- |
| cef0.microsoft.adFs | cef0.microsoft.adFs |
| cef0.microsoft.azureActiveDirectory | cef0.microsoft.azureActiveDirectory |
| cef0.microsoft.azureActivity | cef0.microsoft.azureActivity |
| cef0.microsoft.azureIdentityAndAccess | cef0.microsoft.azureIdentityAndAccess |
| cef0.microsoft.azureReports | cef0.microsoft.azureReports |
| cef0.microsoft.azureSecurityCenter | cef0.microsoft.azureSecurityCenter |
| cef0.microsoft.compliance | cef0.microsoft.compliance |
| cef0.microsoft.crm | cef0.microsoft.crm |
| cef0.microsoft.dhcpServer | cef0.microsoft.dhcpServer |
| cef0.microsoft.dnsTraceLog | cef0.microsoft.dnsTraceLog |
| cef0.microsoft.esent | cef0.microsoft.esent |
| cef0.microsoft.exchangeOnline | cef0.microsoft.exchangeOnline |
| cef0.microsoft.exchangeServer | cef0.microsoft.exchangeServer |
| cef0.microsoft.forefrontProtection | cef0.microsoft.forefrontProtection |
| cef0.microsoft.gene6 | cef0.microsoft.gene6 |
| cef0.microsoft.iis | cef0.microsoft.iis |
| cef0.microsoft.internetInformationServer | cef0.microsoft.internetInformationServer |
| cef0.microsoft.isaServer | cef0.microsoft.isaServer |
| cef0.microsoft.localAdministratorPasswordSolution | cef0.microsoft.localAdministratorPasswordSolution |
| cef0.microsoft.microsoftAntimalware | cef0.microsoft.microsoftAntimalware |
| cef0.microsoft.microsoftAzuremfaAuthz | cef0.microsoft.microsoftAzuremfaAuthz |
| cef0.microsoft.microsoftFlow | cef0.microsoft.microsoftFlow |
| cef0.microsoft.microsoftStream | cef0.microsoft.microsoftStream |
| cef0.microsoft.microsoftTeams | cef0.microsoft.microsoftTeams |
| cef0.microsoft.microsoftWindows | cef0.microsoft.microsoftWindows |
| cef0.microsoft.microsoftWindowsWindowsupdateclient | cef0.microsoft.microsoftWindowsWindowsupdateclient |
| cef0.microsoft.nps | cef0.microsoft.nps |
| cef0.microsoft.o365Alerts | cef0.microsoft.o365Alerts |
| cef0.microsoft.onedrive | cef0.microsoft.onedrive |
| cef0.microsoft.powerapps | cef0.microsoft.powerapps |
| cef0.microsoft.powerbi | cef0.microsoft.powerbi |
| cef0.microsoft.projectOnline | cef0.microsoft.projectOnline |
| cef0.microsoft.radius | cef0.microsoft.radius |
| cef0.microsoft.sccm_fep | cef0.microsoft.sccm_fep |
| cef0.microsoft.securityComplianceCenter | cef0.microsoft.securityComplianceCenter |
| cef0.microsoft.sharepointOnline | cef0.microsoft.sharepointOnline |
| cef0.microsoft.sqlServer | cef0.microsoft.sqlServer |
| cef0.microsoft.systemOrApplicationEvent | cef0.microsoft.systemOrApplicationEvent |
| cef0.microsoft.threatIntelligence | cef0.microsoft.threatIntelligence |
| cef0.microsoft.vmcomputer | cef0.microsoft.vmcomputer |
| cef0.microsoft.windows | cef0.microsoft.windows |
| cef0.microsoft.windowsDefenderAtp | cef0.microsoft.windowsDefenderAtp |
| cef0.microsoft.yammer | cef0.microsoft.yammer |

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in these tables:
