Introduction
The tags beginning with dmarc.sendmarc identify events generated by Sendmarc.
The full tag must have four levels. The first two are fixed as dmarc.sendmarc. The third level identifies the type of events sent. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
| Product / Service | Tags | Data tables |
|---|---|---|
| Sendmarc DMARC | dmarc.sendmarc.bimi.domain | dmarc.sendmarc.bimi.domain |
| | dmarc.sendmarc.bimi.selector | dmarc.sendmarc.bimi.selector |
| | dmarc.sendmarc.dkim.domain | dmarc.sendmarc.dkim.domain |
| | dmarc.sendmarc.dkim.public_key | dmarc.sendmarc.dkim.public_key |
| | dmarc.sendmarc.ip_address.aggregate_records_report | dmarc.sendmarc.ip_address.aggregate_records_report |
| | dmarc.sendmarc.ip_address.domain | dmarc.sendmarc.ip_address.domain |
| | dmarc.sendmarc.ip_address.sender | dmarc.sendmarc.ip_address.sender |
| | dmarc.sendmarc.ip_address.source | dmarc.sendmarc.ip_address.source |
| | dmarc.sendmarc.sender.domain | dmarc.sendmarc.sender.domain |
| | dmarc.sendmarc.sender.domain_detail | dmarc.sendmarc.sender.domain_detail |
| | dmarc.sendmarc.setting.dmarc | dmarc.sendmarc.setting.dmarc |
| | dmarc.sendmarc.setting.spf | dmarc.sendmarc.setting.spf |
| | dmarc.sendmarc.setting.sts | dmarc.sendmarc.setting.sts |
| | dmarc.sendmarc.volume.group_total | dmarc.sendmarc.volume.group_total |
| | dmarc.sendmarc.volume.timeline | dmarc.sendmarc.volume.timeline |
| | dmarc.sendmarc.volume.total | dmarc.sendmarc.volume.total |
For more information, read more about Devo tags.
Table structure
These are the fields displayed in these tables:
dmarc.sendmarc.bimi.domain
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| uuid | str | |
| selector | str | |
| record_type | str | |
| value | str | |
| ttl | int4 | |
| description | str | |
| image_url | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.bimi.selector
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| uuid | str | |
| selector | str | |
| record_type | str | |
| value | str | |
| ttl | int4 | |
| description | str | |
| image_url | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.dkim.domain
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| uuid | str | |
| selector | str | |
| record_type | str | |
| value | str | |
| ttl | int4 | |
| description | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| file_path | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.dkim.public_key
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| uuid | str | |
| selector | str | |
| record_type | str | |
| value | str | |
| ttl | int4 | |
| description | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| file_path | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.ip_address.aggregate_records_report
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| rid | str | |
| organisation | str | |
| published_policy_p | str | |
| published_policy_sp | str | |
| published_policy_pct | int4 | |
| published_policy_fo | str | |
| published_policy_adkim | str | |
| published_policy_aspf | str | |
| rrid | str | |
| count | int4 | |
| policy_evaluated_disposition | str | |
| policy_evaluated_dkim | str | |
| policy_evaluated_spf | str | |
| policy_evaluated_override_reasons | str | |
| identifiers_envelope_to | str | |
| identifiers_envelope_from | str | |
| identifiers_header_from | str | |
| type | str | |
| domain | str | |
| result | str | |
| dkim_selector | str | |
| dkim_human_result | str | |
| spf_scope | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.ip_address.domain
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_threat_incidents | str | |
| total_blacklisted_incidents | str | |
| total_complete_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_spf_fails_dkim_passes | str | |
| total_forwards | str | |
| source_uuid | str | |
| source_group_uuid | str | |
| organisation | str | |
| service | str | |
| service_type | str | |
| category | str | |
| asn | str | |
| isp | str | |
| source_ip | str | |
| source_ipv4 | ip4 | |
| source_ipv6 | ip6 | |
| host_name | str | |
| country | str | |
| threat_level | str | |
| threat_types | str | |
| is_blacklisted | int4 | |
| blacklists | str | |
| country_name | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.ip_address.sender
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_threat_incidents | str | |
| total_blacklisted_incidents | str | |
| total_complete_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_spf_fails_dkim_passes | str | |
| total_forwards | str | |
| source_uuid | str | |
| source_group_uuid | str | |
| organisation | str | |
| service | str | |
| service_type | str | |
| category | str | |
| asn | str | |
| isp | str | |
| source_ip | str | |
| source_ipv4 | ip4 | |
| source_ipv6 | ip6 | |
| host_name | str | |
| country | str | |
| threat_level | str | |
| threat_types | str | |
| is_blacklisted | int4 | |
| blacklists | str | |
| country_name | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.ip_address.source
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_threat_incidents | str | |
| total_blacklisted_incidents | str | |
| total_complete_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_spf_fails_dkim_passes | str | |
| total_forwards | str | |
| source_uuid | str | |
| source_group_uuid | str | |
| organisation | str | |
| service | str | |
| service_type | str | |
| category | str | |
| asn | str | |
| isp | str | |
| source_ip | str | |
| source_ipv4 | ip4 | |
| source_ipv6 | ip6 | |
| host_name | str | |
| country | str | |
| threat_level | str | |
| threat_types | str | |
| is_blacklisted | int4 | |
| blacklists | str | |
| country_name | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.sender.domain
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_threat_incidents | str | |
| total_blacklisted_incidents | str | |
| total_complete_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_spf_fails_dkim_passes | str | |
| total_forwards | str | |
| uuid | str | |
| organisation | str | |
| service | str | |
| service_type | str | |
| logo | str | |
| spf_include | str | |
| category | str | |
| domain_uuid | str | |
| is_spf_configured | int4 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.sender.domain_detail
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_threat_incidents | str | |
| total_blacklisted_incidents | str | |
| total_complete_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_spf_fails_dkim_passes | str | |
| total_forwards | str | |
| uuid | str | |
| organisation | str | |
| service | str | |
| service_type | str | |
| logo | str | |
| spf_include | str | |
| category | str | |
| domain_uuid | str | |
| is_spf_configured | int4 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.setting.dmarc
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| policy | str | |
| subdomain_policy | str | |
| policy_percentage | int4 | |
| aggregate_report_recipient_emails | str | |
| aggregate_report_interval | int4 | |
| forensic_report_processing | str | |
| forensic_report_recipient_emails | str | |
| forensic_report_options | str | |
| forensic_report_format | str | |
| dkim_alignment | str | |
| spf_alignment | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| file_path | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.setting.spf
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| directives | str | |
| modifiers | str | |
| all_mechanism_qualifier | str | |
| enable_optimization | bool | |
| optimization_level | str | |
| optimization_expires_at | str | |
| optimization_meta_orig_num_lookup | int4 | |
| optimization_meta_orig_num_secondary_lookup | int4 | |
| optimization_meta_orig_num_void_lookup | int4 | |
| optimization_meta_num_lookup | int4 | |
| optimization_meta_num_secondary_lookup | int4 | |
| created_at | timestamp | |
| updated_at | timestamp | |
| file_path | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.setting.sts
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| enabled | bool | |
| managed | bool | |
| severity | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| file_path | str | |
| policy | str | |
| mx_servers | str | |
| mta_sts | str | |
| tls_rpt | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.volume.group_total
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_complete_passes | str | |
| total_spf_fails_dkim_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_sources | int4 | |
| grouping | str | |
| grouping_value | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.volume.timeline
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_complete_passes | str | |
| total_spf_fails_dkim_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_sources | int4 | |
| date | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
dmarc.sendmarc.volume.total
| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| total_incidents | str | |
| total_complete_passes | str | |
| total_spf_fails_dkim_passes | str | |
| total_dkim_fails_spf_passes | str | |
| total_complete_failures | str | |
| total_overrides_none | str | |
| total_overrides_quarantine | str | |
| total_overrides_reject | str | |
| total_sources | int4 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |