View Source

Introduction

Tags beginning with auth.jumpcloud identify events generated by JumpCloud.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as auth.jumpcloud. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

JumpCloud

auth.jumpcloud.all.events

Union table

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

auth.jumpcloud.directory.events

auth.jumpcloud.ldap.events

auth.jumpcloud.mdm.events

auth.jumpcloud.radius.events

auth.jumpcloud.software.events

auth.jumpcloud.sso.events

auth.jumpcloud.systems.events

For more information, read more About Devo tags.

How is the data sent to Devo?

Use the JumpCloud collector. Documentation will be published in due course.

Table structure

These are the fields displayed in these tables:

auth.jumpcloud.directory.events
auth.jumpcloud.ldap.events
auth.jumpcloud.mdm.events
auth.jumpcloud.radius.events

auth.jumpcloud.directory.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
initiated_by__id	`str`
initiated_by__type	`str`
initiated_by__email	`str`
initiated_by__username	`str`
initiated_by__source	`str`
initiated_by__source_metadata__name	`str`
geoip__country_code	`str`
geoip__timezone	`str`
geoip__latitude	`float8`
geoip__continent_code	`str`
geoip__region_name	`str`
geoip__region_code	`str`
geoip__longitude	`float8`
resource__id	`str`
resource__type	`str`
resource__username	`str`
changes	`str`
auth_method	`str`
auth_context__system__hostname	`str`
auth_context__system__os	`str`
auth_context__system__display_name	`str`
auth_context__system__id	`str`
auth_context__system__version	`str`
success	`bool`
mfa	`bool`
event_type	`str`
provider	`str`
service	`str`
organization	`str`
at_version	`str`
client_ip	`ip4`
client_ipv6	`ip6`
id	`str`
user_agent__patch	`str`
user_agent__minor	`str`
user_agent__os	`str`
user_agent__major	`str`
user_agent__build	`str`
user_agent__name	`str`
user_agent__os_name	`str`
user_agent__device	`str`
association__type	`str`
association__id	`str`
association__email	`str`
timestamp	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.ldap.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
err	`str`
error_message	`str`
initiated_by__type	`str`
initiated_by__username	`str`
initiated_by__email	`str`
start_tls	`bool`
tls_established	`bool`
dn	`str`
mech	`str`
auth_method	`str`
event_type	`str`
connection_id	`str`
port	`str`
success	`bool`
service	`str`
organization	`str`
at_version	`str`
error_code	`str`
id	`str`
oid	`str`
base	`str`
scope	`str`
filter	`str`
operation_number	`str`
username	`str`
timestamp	`timestamp`
deref	`int4`
operation_type	`str`
number_of_results	`int4`
attr	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.mdm.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
mdm_type	`str`
request_type	`str`
mdm_device_id	`str`
mdm_device_manager_id	`str`
command__request_type	`str`
command__payload	`str`
event_type	`str`
command_uuid	`str`
service	`str`
organization	`str`
at_version	`str`
error_chain	`str`
id	`str`
timestamp_str	`str`
timestamp	`timestamp`
status	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.radius.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
initiated_by__id	`str`
initiated_by__type	`str`
initiated_by__email	`str`
id	`str`
nas_mfa_state	`str`
auth_type	`str`
eap_type	`str`
client_ip	`ip4`
client_ipv6	`ip6`
geoip__country_code	`str`
geoip__timezone	`str`
geoip__latitude	`float8`
geoip__continent_code	`str`
geoip__region_name	`str`
geoip__region_code	`str`
geoip__longitude	`float8`
service	`str`
success	`bool`
username	`str`
organization	`str`
error_message	`str`
mfa	`bool`
outer__eap_type	`str`
outer__error_message	`str`
outer__username	`str`
timestamp	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.software.events
auth.jumpcloud.sso.events
auth.jumpcloud.systems.events

auth.jumpcloud.software.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
initiated_by__id	`str`
initiated_by__type	`str`
system__hostname	`str`
system__id	`str`
event_type	`str`
application__path	`str`
application__uninstall_string	`str`
application__name	`str`
application__publisher	`str`
application__version	`str`
resource__id	`str`
resource__type	`str`
provider	`str`
service	`str`
organization	`str`
changes	`str`
id	`str`
timestamp	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.sso.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
initiated_by__id	`str`
initiated_by__type	`str`
initiated_by__username	`str`
error_message	`str`
geoip__country_code	`str`
geoip__timezone	`str`
geoip__latitude	`float8`
geoip__continent_code	`str`
geoip__region_name	`str`
geoip__longitude	`float8`
geoip__region_code	`str`
sso_token_success	`bool`
auth_context__policies_applied	`str`
auth_context__system__hostname	`str`
auth_context__system__os	`str`
auth_context__system__display_name	`str`
auth_context__system__id	`str`
auth_context__system__version	`str`
mfa	`bool`
event_type	`str`
application__name	`str`
application__id	`str`
application__sso_url	`str`
application__display_label	`str`
provider	`str`
service	`str`
organization	`str`
at_version	`str`
client_ip	`ip4`
client_ipv6	`ip6`
idp_initiated	`bool`
id	`str`
user_agent__patch	`str`
user_agent__os	`str`
user_agent__minor	`str`
user_agent__major	`str`
user_agent__build	`str`
user_agent__name	`str`
user_agent__os_name	`str`
user_agent__device	`str`
timestamp_str	`str`
timestamp	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

auth.jumpcloud.systems.events

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
initiated_by__id	`str`
initiated_by__type	`str`
initiated_by__username	`str`
error_message	`str`
geoip__country_code	`str`
geoip__timezone	`str`
geoip__latitude	`float8`
geoip__continent_code	`str`
geoip__region_name	`str`
geoip__longitude	`float8`
geoip__region_code	`str`
sso_token_success	`bool`
auth_context__policies_applied	`str`
mfa	`bool`
event_type	`str`
application__name	`str`
application__id	`str`
application__sso_url	`str`
provider	`str`
service	`str`
organization	`str`
at_version	`str`
client_ip	`ip4`
idp_initiated	`bool`
id	`str`
user_agent__patch	`str`
user_agent__os	`str`
user_agent__minor	`str`
user_agent__major	`str`
user_agent__build	`str`
user_agent__name	`str`
user_agent__os_name	`str`
user_agent__device	`str`
timestamp_str	`str`
timestamp	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓